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Federal Communications Commission (FCC) Interference Statement 

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: 

• This device may not cause harmful interference. 

• This device must accept any interference received, including interference that may cause undesired 
operations. 

This equipment has been tested and found to comply with the limits for a CLASS B digital device pursuant 
to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful 
interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency 
energy, and if not installed and used in accordance with the instructions, may cause harmful interference to 
radio communications. 

If this equipment does cause harmful interference to radio/television reception, which can be determined by 
turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of 
the following measures: 

• Reorient or relocate the receiving antenna. 

• Increase the separation between the equipment and the receiver. 

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. 

• Consult the dealer or an experienced radio/TV technician for help. 
Notice 1 

Changes or modifications not expressly approved by the party responsible for compliance could void the 
user's authority to operate the equipment. 

Notice 2 

Shielded RS-232 cables are required to be used to ensure compliance with FCC Part 15, and it is the 
responsibility of the user to provide and use shielded RS-232 cables. 
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ZyXEL Limited Warranty 

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials 
or workmanship for a period of up to two (2) years from the date of purchase. During the warranty period, 
and upon proof of purchase, should the product have indications of failure due to faulty workmanship 
and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components 
without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the 
product or components to proper operating condition. Any replacement will consist of a new or re- 
manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. 
This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of 
God, or subjected to abnormal working conditions. 

Note 

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This 
warranty is in lieu of all other warranties, express or implied, including any implied warranty of 
merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect 
or consequential damages of any kind of character to the purchaser. 

To obtain the services of this warranty, contact ZyXEL's Service Center; refer to the separate Warranty 
Card for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It 
is recommended that the unit be insured when shipped. Any returned products without proof of purchase or 
those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer 
will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the 
corresponding return address, Postage Paid (USA and territories only). If the customer desires some other 
return destination beyond the U.S. borders, the customer shall bear the cost of the return shipment. This 
warranty gives you specific legal rights, and you may also have other rights that vary from state to state. 
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Customer Support 

If you have questions about your ZyXEL product(s) or desire assistance, please contact ZyXEL 
Communications Corporation offices worldwide, in any one of the following ways. Our ftp sites are also 
available for software and ROM upgrades. 



Method 


International 


North America 


Scandinavia 


E-Mail-Tech 
Support 


support@zyxel.com.tw 
support@zyxel.co.at (Europe) 


support@zyxel.com 


support@zyxel.dk 


E-Mail-Sales 


sales@zyxel.com.tw 


sales@zyxel.com 


sales@zyxel.dk 
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Telephone 
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+oob-o-b/o-jy4ii 
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+1-/1 4-bo^-Uoo^ 
800-255-4101 


, a c once n7nn 


Fax 


+886-3-578-2439 


+1-714-632-0858 


+45-3955-0707 


FTP Sites 


ftp.zyxel.dk 


ftp.zyxel.com 


ftp.zyxel.dk 


Regular 
Mail 


ZyXEL Communications 
Corp., 6 Innovation Road II, 
Science-Based Industrial 
Park, HsinChu, Taiwan 300, 
R.O.C. 


ZyXEL 

Communications 
Inc., 1650 Miraloma 
Avenue, Placentia, 
CA 92870, U.S.A. 


ZyXEL 

Communications A/S, 
Columbusvej 5, 2860 
Soeborg, Copenhagen, 
Denmark. 
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Preface 

About Your ADSL Internet Access Router 

Congratulations on your purchase of the Prestige 641 ADSL Internet Access Router. 

The Prestige 641 (P641) is an ADSL router used for Internet/LAN access via an ADSL line. The Prestige 
641 supports multi -protocol routing for TCP/IP and Novell IPX, as well as transparent bridging for other 
protocols. We will refer to the Prestige 641 as the P641 or simply the Prestige from now on. 

The P641 can run upstream maximum transmission rates of 640Kbps and downstream maximum 
transmission rates of 8Mbps. The actual rate depends on the copper category of your telephone wire, 
distance from the central office and the type of ADSL service subscribed. See the sections below for more 
background information on DSL and ADSL. 

The P641's 10/100M auto-negotiating LAN interface enables fast data transfer of either 10Mbps or 
100Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. 

Your Prestige is easy to install and to configure. All functions of the Prestige are software configurable via 
the SMT (System Management Terminal) Interface. 

About This User's Guide 

This user's guide covers all aspects of the Prestige 641 operations and shows you how to get the best out of 
the multiple advanced features of your ADSL Internet Access Router. This manual is designed to guide you 
through the correct configuration of your Prestige 641 for various applications. 

Syntax Conventions 

• "Enter" means for you to type one or more characters and press the carriage return. "Select" or 
"Choose" means for you to select one from the predefined choices. 

• The SMT menu titles and labels are in Bold Times font. The choices of a menu item are in Bold 
Arial font. A single keystroke is in Arial font and enclosed in square brackets, for instance, [ENTER] 
means the Enter, or carriage return, key; [ESC] means the Escape key. 

• For brevity's sake, we will use "e.g." as a shorthand for "for instance", and "i.e." as a shorthand for 
"that is" or "in other words" throughout this manual 
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Structure of this Manual 



Getting Started (Chapters 1 -2) 

This helps you connect, install and setup your Prestige to operate 
on your network. 



The Internet (Chapter 3) 

This shows you how to configure your Prestige for Internet access. 



Advanced Applications (Chapters 4-7) 

Describes how to use your Prestige for more advanced applications 
such as LAN-to-LAN connectivity for TCP/IP and Novell IPX, and 
transparent bridging for other protocols. 



Management & Maintenance (Chapters 8-10) 

This shows you how to create/apply filters and manage/maintain 
your system. 



Troubleshooting (Chapter 1 1 ) 

This provides information about solving common problems. 



The following section offers some background information on ADSL. Skip to Chapter 1 if you wish to 
begin to begin working with your router right away. 
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What is DSL? 

DSL (Digital Subscriber Line) enhances the data capacity of the existing twisted-pair wire that runs 
between the local telephone company switching offices and most homes and offices. While the wire itself 
can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 
Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to 
improve access to the Web - hence DSL technologies! 

There are actually seven types of DSL service, ranging in speeds from 16 Kbits/sec to 52 Mbits/sec. The 
services are either symmetrical (traffic flows at the same speed in both directions), or asymmetrical (the 
downstream capacity is higher than the upstream capacity). Asymmetrical services (ADSL) are suitable for 
Internet users because more information is usually downloaded than uploaded. For example, a simple 
button click in a web browser can start an extended download that includes graphics and text. 

As data rates increase, the carrying distance decreases. That means that users who are beyond a certain 
distance from the telephone company's central office may not be able to obtain the higher speeds. A DSL 
connection is a point-to-point dedicated circuit, meaning that the link is always up and there is no dialing 
required. 

What is ADSL? 

It is an asymmetrical technology, meaning that the downstream data rate is much higher than the upstream 
data rate. As mentioned, this works well for a typical Internet session in which more information is 
downloaded, e.g., from Web servers, than is uploaded. ADSL operates in a frequency range that is above 
the frequency range of voice services, so the two systems can operate over the same cable. 
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Prestige 641 ADSL Internet Access Router 

Chapter 1 

Getting to Know Your ADSL Internet Access 

Router 

This chapter describes the key features 
and applications of the Prestige 641. 

1.1 Prestige 641 ADSL Internet Access Router 

Your Prestige integrates a high-speed 10/1 00Mbps auto-negotiating LAN interface and one high-speed 
ADSL port into a single package. The Prestige is ideal for high-speed Internet browsing and making LAN- 
to-LAN connections to remote networks. 

1 .2 Features of the Prestige 641 

Your Prestige is packed with a number of features that give it the flexibility to provide a complete 
networking solution for almost any user. 

• Ease of Installation 

Your Prestige is designed for quick, intuitive and easy installation. Physically, its compact size and 
lightweight make it easy to position anywhere in your busy office. 

• High Speed Internet Access 

The P640 ADSL router can support downstream transmission rates of up to 8Mbps and upstream 
transmission rates of 640Kbps. The P641 also supports rate management. Rate management allows ADSL 
subscribers to select an Internet access speed that best suit their needs and budget. 

• 10/100M Fast Ethernet LAN Interface 

The P641's 10/100M auto-negotiating LAN interface enables fast data transfer of either 10Mbps or 
100Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. 

• Protocols Supported 

♦ TCP/IP (Transmission Control Protocol/Internet Protocol) network layer protocol. 

♦ PPP (Point-to-Point Protocol) link layer protocol. 
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♦ SUA™ (Single User Account) and NAT (Network Address Translation). 

• Multiple Protocol Support 

♦ Novel IPX (Internetwork Packet eXchange) network layer protocol. 

♦ Transparently bridging for unsupported network layer protocols. 

• DHCP Support 

DHCP (Dynamic Host Configuration Protocol) allows you to automatically assign TCP/IP settings to 
workstations on your network. 

• Networking Compatibility 

Your Prestige is compatible with the major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) 
providers, making configuration as simple as possible for you. 

• Multiplexing 

The Prestige 641 supports VC -based and LLC -based multiplexing. 

• Encapsulation 

The Prestige 641 supports PPP (RFC 2364 - PPP over ATM Adaption Layer 5), RFC 1483 encapsulation 
over ATM, MAC encapsulated routing as well as PPP over Ethernet (RFC 2516). 

• NAT/SUA for single-IP-address Internet Access 

The Prestige's SUA (Single User Account) feature allows multiple user Internet access for the cost of a 
single IP account. SUA supports popular Internet application, such as MS traceroute, CuSeeMe, IRC, 
RealAudio, VDOLive, Quake, and PPTP. No configuration is needed to support these applications. 

• Full Network Management 

♦ SNMP (Simple Network Management Protocol) support. 

♦ Accessing SMT (System Management Terminal) through a telnet connection 

♦ Windows based PNC (Prestige Network Commander) 

• PAP and CHAP Security 

The Prestige supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake 
Authentication Protocol). CHAP is more secure since the password is scrambled prior to transmission. 
However, PAP is readily available on more platforms. 

• Filters 

The Prestige's packet filtering functions allows added network security and management. 
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1 .3 Applications for the Prestige 641 
1.3.1 Internet Access 

The Prestige is the ideal high-speed Internet access solution. Your Prestige supports the TCP/IP protocol, 
which the Internet uses exclusively. It is compatible with all major ADSL DSLAM (Digital Subscriber 
Line Access Multiplexer) providers. A DSLAM is a rack of ADSL line cards with data multiplexed into a 
backbone network interface/connection (e.g., Tl, OC3, DS3, ATM or Frame Relay). Think of it as the 
equivalent of a modem rack for ADSL. A typical Internet Access application is shown below. 



Small / Home Office LAN 



)U)U) 



aML^jjjj 




INTERNET 



Edge 
Router 



10/100M Ethernet 



DSLAM 



Prestiee 



Figure 1-1 Internet Access Application 
Internet Single User Account 

For a SOHO (Small Office/Home Office) environment, your Prestige offers the Single User Account (SUA) 
feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for 
the cost of a single user. 

1 .3.2 LAN to LAN Application 

You can use the Prestige to connect two geographically dispersed networks over the ADSL line. A typical 
LAN-to-LAN application for your Prestige is shown as follows. 



Getting to know your Prestige 



1-3 



Prestige 641 ADSL Internet Access Router 



Remote Network 



Local Network 




Figure 1-2 LAN-to-LAN Application 
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Chapter 2 

Hardware Installation & Initial Setup 

This chapter describes the physical features of the 
Prestige and how to make the cable connections. 

2.1 Front Panel LEDs OF P641 

The LED indicators on the front panel indicate the operational status of the Prestige 641. The table below 
the diagram describes the LED functions: 



Z/XEL 








PRESTIGE 

600 SERIES 




PWR SYS 


, LAN | 

10M 100M 


ADSL 





Figure 2-1 Prestige 641 Front Panel. 
Table 2-1 Front Panel LED Description 



PWR 


The PWR (power) LED is on when power is applied to the Prestige. 


SYS 


A steady on SYS (system) LED indicates the Prestige is on and functioning properly 
while an off SYS LED indicates the system is not ready or a malfunction. The 
system is rebooting when the SYS LED is blinking. 


LAN 10M 


A steady green light indicates a 10Mb Ethernet connection. The LED blinks when 
data is being sent/received. 


LAN 100M 


A steady orange light indicates a 1 00Mb Ethernet connection. The LED will blink 
when data is being sent/received. 


ADSL 


The ADSL LED is on when the Prestige is connected successfully to a DSLAM. The 
LED blinks when data is being sent/received. The LED is off when the link is down. 



2.2 Prestige 641 Rear Panel and Connections 

The following figure shows the rear panel connectors of your Prestige. 
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Step 1 . 



Figure 2-2 Prestige 641 Rear Panel 
Connecting the ADSL Line 



Connect the Prestige directly to the wall jack using the included ADSL cable. Connect the micro filter(s) 
(supplied - see Figure 2-4 Connecting the Microfilter) between the wall jack and your telephone(s). The 
micro filters act as low pass filters (voice transmission takes place in the 0 to 4KHz bandwidth). 

Step 2. Connecting a Workstation to the Prestige 10/1 00 M LAN port 

Ethernet lOBase-T networks use Shielded Twisted Pair (STP) cable with RJ-45 connectors that look like a 
bigger telephone plug with 8 pins. Use the crossover cable (red tag) to connect your Prestige 641 to a 
computer directly. Use straight through Ethernet cable (white tag) to connect to an external hub and then 
connect one end of a straight through Ethernet cable (white tag) from the hub to the NIC on the workstation. 

Step 3. Connecting the Power Adapterto your Prestige 

Connect the power adapter to the port labeled POWER on the rear panel of your Prestige. 

Step 4. Connecting the Console Port 

For the initial configuration of your Prestige, you need to use terminal emulator software on a workstation 
and connect it to the Prestige through the console portConnect the 9-pin (smaller) end of the console cable 
to the console port of the Prestige and the 25 -pin (bigger) end to a serial port (COM1, COM2 or other COM 
port) of your workstation. You can use an extension RS-232 cable if the enclosed one is too short. 

2.3 Additional Installation Requirements 

In addition to the contents of your package, there are other hardware and software requirements you need 
before you can install and use your Prestige. These requirements include: 

• A computer with Ethernet 1 OB ase-T/ 100Base-T NIC (Network Interface Card). 

• A computer equipped with communications software (for example, Hyper Terminal in Win95) 
configured to the following parameters: 



> VT100 terminal emulation. 
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> 9600 Baud rate. 

> No parity, 8 Data bits, 1 Stop bit. 

After the Prestige has been successfully connected to your network, you can make future changes to the 
configuration through telnet application. 

2.4 Housing 

Your Prestige's ventilated housing has clip-out legs that fit snugly into grooves, enabling compact, sturdy 
stacking with airflow between routers. You should not stack more than 4 routers for maximum stability. 

2.5 Telephone Microfilters 

Telephone voice transmissions take place in the lower frequency range, 0 - 4KHz, while ADSL 
transmissions take place in the higher bandwidth range, above 4KHz. ZyXEL provides a microfilter that 
acts as a low-pass filter for your telephone to ensure that ADSL transmissions do not interfere with your 
telephone voice transmissions. Connect a phone cable from the wall jack to the wall side of the microfilter, 
and then connect the phone side of the microfilter to your telephone as shown. 




Figure 2-3 Microfilter 
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Figure 2-4 Connecting the Microfilter 



2.6 Power On Your Prestige 



At this point, you should have connected the console port, the ADSL line, the Ethernet port and the power 
port to the appropriate devices or lines. You can now apply power to the Prestige by turning the switch on. 

Stepl. Initial Screen 

When you power on your Prestige, it performs several internal tests as well as line initialization. After the 
initialization, the Prestige asks you to press Enter to continue, as shown. 
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Copyright (c) 1994 - 1999 ZyXEL Communications Corp. 
initialize ch -0, ethernet address: 00 : aO : c5 : 0 1 : 2 3 : 45 

WAN Channel init done 

Download ADSL modem SW 



Press ENTER to continue... 



Figure 2-5 Power-On Display 

Step 2. Entering Password 

The login screen appears after you press Enter, prompting you to enter the password, as shown below. 

For your first login, enter the default password 1234. As you type the password, the screen displays a (X) 
for each character you type. 

Please note that if there is no activity for longer than 5 minutes after you log in, your Prestige will 
automatically log you out and will display a blank screen. If you see a blank screen, press [Enter] to bring 
up the login screen again. 



Enter Password : XXXX 



Figure 2-6 Login Screen 
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2.7 Navigating the SMT Interface 

The SMT (System Management Terminal) is the interface that you use to configure your Prestige. 

Several operations that you should be familiar with before you attempt to modify the configuration are 
listed in the table below. 



Table 2-2 Main Menu Commands 



Operation 


Press/<read> 


Description 


Move forward to 
another menu 


[Enter] 


To move forward to a sub-menu, type in the number of the 
desired sub-menu and press [Enter]. 


Move backward to 
a previous menu 


[Esc] 


Press the [Esc] key to move back to the previous menu. 


Move to a 
submenu 


Press the [Space 
bar] to change No 
to Yes then press 
[ENTER]. 


Fields beginning with "Edit" have a default setting of No. Press 
the [Space bar] to change No to Yes, then press [ENTER] to go 
to a submenu. 


Move the cursor 


[Enter] or 

[Up]/[Down] arrow 
keys 


Within a menu, press [Enter] to move to the next field. You can 
also use the [Up]/[Down] arrow keys to move to the previous and 
the next field, respectively. 


Enter information 


Fill in, or 

Press the [Space 
bar] to toggle 


You need to fill in two types of fields. The first requires you to 
type in the appropriate information. The second allows you to 
cycle through the available choices by pressing the [Space] bar. 


Required fields 


<?> 


All fields with the symbol <?> must be filled in order be able to 
save the new configuration. 


N/A fields 


<N/A> 


Some of the fields in the SMT will show a <N/A>. This symbol 
refers to an option that is Not Applicable. 


Save your 
configuration 


[Enter] 


Save your configuration by pressing [Enter] at the message 
[Press ENTER to confirm or ESC to cancel]. Saving the data on 
the screen will take you, in most cases to the previous menu. 


Exit the SMT 


Type 99, then 
press [Enter]. 


Type 99 at the Main Menu prompt and press [Enter] to exit the 
SMT interface. 
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After you enter the password, the SMT displays the Main Menu, as shown below. 



Copyright {c> 1994 - 1999 ZyXEL Communications Corp. 
Prestige 641 Main Menu 



Getting Started 

I. General Setup 

3. Ethernet Setup 

4. Internet Access Setup 

Advanced Applications 

II. Remote Node Setup 
12. Static Routing Setup 
15. SUA Server Setup 



Advanced Management 

21 . Filter Set Configuration 

22. SNMP Configuration 

23. System Password 

24. System Maintenance 



99. Exit 



Enter Menu Selection Number: 



Figure 2-7 SMT Main Menu 
2.7.1 System Management Terminal Interface Summary 

Table 2-3 Main Menu Summary 



# 


Menu Title 


Description 


1 


General Setup 


Use this menu to set up general information. 


3 


Ethernet Setup 


Use this menu to set up your LAN connection. 


4 


Internet Access Setup 


A quick and easy way to set up an Internet connection. 


11 


Remote Node Setup 


Use this menu to set up the Remote Node for LAN-to-LAN connection, 
including Internet connection. 


12 


Static Routing Setup 


Use this menu to set up static routes. 


15 


SUA Server Setup 


Use this menu to specify inside servers when SUA is enabled. 


21 


Filter Set Configuration 


Use this menu to set up filters to provide security, etc. 


22 


SNMP Configuration 


Use this menu to set up SNMP related parameters. 


23 


System Password 


Use this menu to change your password. 


24 


System Maintenance 


This menu provides system status, diagnostics, software upload, etc. 


99 


Exit 


To exit from SMT and return to a blank screen. 
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2.8 Changing the System Password 

The first thing your should do before anything else is to change the default system password by following 
the steps below. 

Step 1 . Enter 23 in the Main Menu to open Menu 23 - System Password as shown below. 

When the Submenu 23 System Password appears, type in your existing system password, i.e., 1234, and 
press [Enter]. 



Menu 23 - System Password 

Old Password^ **** 
New Password^ **** 
Retype to confirm- **** 



Enter here to CONFIRM or ESC to CANCEL : 

Figure 2-8 Menu 23.1 - System Password 
Step 2. Enter your new system password (up to 30 characters), and press [Enter]. 
Step 3. Re-type your new system password for confirmation and press [Enter]. 
Note that as you type a password, the screen displays a (*) for each character you type. 

2.9 Resetting the Prestige 

If you have forgotten your password or for some reason cannot access the SMT menu you will need to 
reinstall the configuration file. Uploading the configuration file replaces the current configuration file with 
the default configuration file, you will lose all configurations that you had before and the speed of the 
console port will be reset to the default of 9600 bps with 8 data bit, no parity and 1 stop bit (8nl). The 
password will be reset to the default of 1234, also. 

Turn off the Prestige and begin a Telnet session with the default console port settings. Turn on the Prestige 
again. You should see the following screen. When you see the message " Press Any key to enter Debug 
Mode within 3 seconds", press any key to enter debug mode. You should already have downloaded the 
"romfile.zip" file from the Internet and unzipped it. See section 10.5 Restore Configuration on page 10-9 for 
more information. 

2.9.1 Filename conventions 

The configuration filename is the router model name with a rom extension, e.g., p641.rom. The ZyNOS 
firmware filename is the router model name with a bin extension, e.g., p641.bin. Rename the latter filename 
to "ras" when uploading to the Prestige. See section 10.6 Firmware Update on page 10-9 for more 
information. 
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2.10 General Setup 

Menu 1 - General Setup contains administrative and system-related information. 
To enter Menu 1 and fill in the required information, follow these steps: 
Step 1 . Enter 1 in the Main Menu to open Menu 1 - General Setup. 

Step 2. The Menu 1 - General Setup screen appears, as shown below. Fill in the required fields marked 
[?] and turn on the individual protocols for your applications, as explained in the following table. 



Menu 1 - General 


Setup 


System Name= P641 




Location- branch 




Contact Person's Name- JohnDoe 




Route IP= Yes 




Route IPX= No 




Bridge- No 




Press ENTER to Confirm or 


ESC to Cancel: 



Figure 2-9 Menu 1 - General Setup 
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Table 2-4 General Setup Menu Fields 



Field 


Description 


Example 


System Name 


Choose a descriptive name for identification purposes. This name can be 
up to 30 alphanumeric characters long. Spaces are not allowed, but 
dashes "-" and underscores "_" are accepted. 


P641 


Location (optional) 


Enter the geographic location (up to 31 characters) of your Prestige. 


MyHouse 


Contact Person's 
Name (optional) 


Enter the name (up to 30 characters) of the person in charge of this 
Prestige. 


JohnDoe 


Protocols: 


Turn on or off routing for the individual protocols. 


Press 
space-bar 
to toggle 


Route IP 


Set this field to Yes to enable IP routing. You must enable IP routing for 
Internet access. 


Yes/No 


Route IPX 


Set this field Yes to enable IPX routing. 


Yes/No 


Bridge 


Turn on/off bridging for protocols not supported (e.g., SNA) or not turned 
on in the previous Route fields. 


Yes/No 



2.10.1 Note on Bridging 



When bridging is enabled, your Prestige forwards any packet that it does not route. Without bridging, the 
packets that the Prestige does not route are simply discarded. Compared to routing, bridging generates far 
more traffic for the same network protocol and consumes more CPU cycles and memory. 

2.11 Ethernet Setup 

This section describes how to configure the Ethernet using Menu 3 - Ethernet Setup. From the Main 
Menu, enter 3 to open Menu 3. 



Menu 3 - Ethernet 


Setup 


1. General Setup 




2. TCP/IP and DHCP Setup 




Enter Menu Selection 


Number : 



Figure 2-10 Menu 3 - Ethernet Setup 
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Menu 3 - Ethernet Setup 



1 . General Setup 

2. TCP/IP and DHCP Setup 

3. Novell IPX Setup 

4 . Bridge Setup 



Figure 2-11 Menu 3 - Ethernet Setup 
2.11.1 General Ethernet Setup 

This menu allows you to specify filter set(s) that you wish to apply to the Ethernet traffic. You seldom 
need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reduce traffic 
and prevent security breaches. 

I i 

Menu 3.1 - General Ethernet Setup 

Input Filter Sets: 
protocol filters^ 
device filters- 
Output Filter Sets: 
protocol filters^ 
device filters- 
Press ENTER to Confirm or ESC to Cancel: 

Figure 2-12 Menu 3.1 - General Ethernet Setup 

If you need to define filters, please read the Filter Set Configuration chapter first, then return to this menu 
to define the filter sets. 

2.12 Protocol Dependent Ethernet Setup 

Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as 
outlined below. 

• For TCP/IP Ethernet setup refer to Chapter 3 - Internet Access Application. 

• For Novell IPX Ethernet setup refer to Section 6.3 - IPX Ethernet Setup in Chapter 6 - IPX 
Configuration. 

• For bridging Ethernet setup refer to Chapter 7 - Bridging Setup. 
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Chapter 3 

Internet Access 

This chapter shows you how to configure the LAN as 
well as the WAN of your Prestige for Internet access. 

3.1 Factory Ethernet Defaults 

The Ethernet parameters of the Prestige are preset in the factory with the following values: 

1. IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits). 

2. DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. 

These parameters should work for the majority of installations. If the parameters are satisfactory, you can 
skip to section 3.4 TCP/IP Ethernet Setup and DHCP to enter the DNS server address(es) if your ISP 
gives you explicit DNS server address(es). If you wish to change the factory defaults or to learn more about 
TCP/IP, please read on. 

3.2 TCP/IP Parameters 

3.2.1 IP Address and Subnet Mask 

Similar to the houses on a street that share a common street name, the machines on a LAN share one 
common network number, also. 

Where you obtain your network number depends on your particular situation. If the ISP or your network 
administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP 
addresses and the subnet mask. 

If the ISP did not explicitly give you an IP network number, then most likely you have a single user account 
and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is 
recommended that you select a network number from 192.168.0.0 to 192.168.255.0 (ignoring the trailing 
zero) and you must enable the Single User Account feature of the Prestige. The Internet Assigned Number 
Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other 
number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which 
covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other 
words, the first 3 numbers specify the network number while the last number identifies an individual 
workstation on that network. 



Internet Access 



3-1 



Prestige 641 ADSL Internet Access Router 

Once you have decided on the network number, pick an IP address that is easy to remember, e.g., 
192.168.1.1, for your Prestige. 

The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the 
subnet mask automatically based on the IP address that you entered. You don't need to change the subnet 
mask computed by the Prestige unless you are instructed to do otherwise. 

3.2.2 RIP Setup 

RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. 
The RIP Direction field controls the sending and receiving of RIP packets. When set to both, the Prestige 
will broadcast its routing table periodically and incorporate the RIP information that it receives; when set to 
none, it will not send any RIP packets and will ignore any RIP packets received. 

The Version field controls the format and the broadcasting method of the RIP packets that the Prestige 
sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more 
information. RIP-1 is probably adequate for most networks, unless you have a unusual network topology. 

Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses 
subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router 
machines since they generally do not listen to the RIP multicast address and so will not receive the RIP 
packets. However, if one router uses multicasting, then all routers on your network must use multicasting, 
also. 

By default, RIP direction is set to Both and the Version set to RIP-1 . 

3.2.3 DHCP Configuration 

DHCP (Dynamic Host Configuration Protocol) allows the individual clients (workstations) to obtain the 
TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server 
capability, enabled by default, which means it can assign IP addresses, an IP default gateway and DNS 
servers to Windows 95, Windows NT and other systems that support the DHCP client. The Prestige can 
also act as a surrogate DHCP server where it relays IP address assignment from the actual DHCP server to 
the clients. 

IP Pool Setup 

The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to 192.168.1.64 for 
the client machines. This leaves 31 IP addresses, 192.168.1.2 to 192.168.1.32 (excluding the Prestige itself 
which has a default IP of 192.168.1.1) for other server machines, e.g., server for mail, FTP, telnet, web, 
etc., that you may have. 

DNS Server Address 

DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa, 
e.g., the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because 
without it, you must know the IP address of a machine before you can access it. The DNS server addresses 
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that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and 
subnet mask. 

There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a 
customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If 
your ISP does give you the DNS server addresses, enter them in the DNS Server fields in DHCP Setup, 
otherwise, leave them blank. 

Some ISP's choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control 
Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the 
DNS servers are conveyed through IPCP negotiation. The Prestige supports the IPCP DNS server 
extensions through the DNS proxy feature. 

If the Primary and Secondary DNS Server fields in DHCP Setup are not specified, i.e., left as 0.0.0.0, the 
Prestige tells the DHCP clients that it itself is the DNS server. When a workstation sends a DNS query to 
the Prestige, the Prestige forwards the query to the real DNS server learned through IPCP and relays the 
response back to the workstation. 

Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not 
mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you 
explicit DNS servers, make sure that you enter their IP addresses in the DHCP Setup menu. This way, the 
Prestige can pass the DNS servers to the workstations and the workstations can query the DNS server 
directly without the Prestige's intervention. 

3.3 Route IP Setup 

The first step is to enable the IP routing in Menu 1 - General Setup. 

To edit Menu 1, enter 1 in the Main Menu to select General Setup and press [Enter]. Set the Route IP 
field to Yes by pressing the space bar. 



Menu 1 - General Setup 

System Name= P641 

Location^ location 

Contact Person's Name- name 

C^Route IP= Yes~^> 
Route 1PX= No 
Bridge- No 



Press ENTER to Confirm or ESC to Cancel: 



Figure 3-1 Menu 1 - General Setup 
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3.4 TCP/IP Ethernet Setup and DHCP 

You will now use Menu 3.2 to configure your Prestige for TCP/IP. 
To edit Menu 3.2, enter 3 to open the Menu 3 - Ethernet Setup from the Main Menu, 
appears, select the submenu option TCP/IP and DHCP Setup and press [Enter] . The 
Menu 3.2 - TCP/IP and DHCP Ethernet Setup, as shown next. 



When Menu 3 
screen now displays 



Menu 3.2 - TCP/IP and DHCP Ethernet Setup 



DHCP Setup: 
DHCP= Server 

Client IP Pool Starting Add_r 
Size of Client IP Pool= 32 
Primary DNS Serve 
Secondary DNS Serve 
Remote DHCP Server= N/A 



r ruux— jz ^ 

er= 0.0.0.0 1 
rver= 0.0.0. Oj ' 



TCP/IP Setup: 

IP Address= 192.68.1.1 
IP Subnet Mask= 255.255.255.0 
RIP Direction= Both 
Version= RIP-1 



Enter here to CONFIRM or ESC to CANCEL : 
Press Space Bar to Toggle. 




First address 
in the IP Pool 



Size of the IP 
Pool 



IP addresses 
of the DNS 
servers 



Figure 3-2 Menu 3.2 - TCP/IP and DHCP Ethernet Setup 

Follow the instructions in the following table on how to configure the DHCP fields. 

Table 3-1 DHCP Ethernet Setup Menu Fields 



Field 


Description 


Example 


DHCP Setup 






DHCP= 


This field enables/disables the DHCP server/relay. If it is set to 
Server, your Prestige will act as a DHCP server. If set to None, 
the DHCP server will be disabled. If set to Relay, the Prestige 
acts as a surrogate DHCP server and relays DHCP requests 
and responses between the remote server and the clients. 

When DHCP is used, the following items need to be set: 


None 
Server (default) 
Relay 


Client IP Pool Starting 
Address 


This field specifies the first of the contiguous addresses in the 
IP address pool. 


192.168.1.33 


Size of Client IP Pool 


This field specifies the size, or count, of the IP address pool. 


32 


Primary DNS Server 

Secondary DNS 
Server 


Enter the IP addresses of the DNS servers. The DNS servers 
are passed to the DHCP clients along with the IP address and 
the subnet mask. 




Remote DHCP 
Server 


If Relay is selected in the DHCP= field above, then enter the IP 
address of the actual, remote DHCP server here. 
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3.5 LANs & WANs 

A LAN (Local Area Network) is a computer network limited to the immediate area, usually the same 
building or floor of a building. A WAN (Wide Area Network), on the other hand is an outside connection to 
another network or the Internet. 



3.5.1 LANs, WANs and the Prestige 

The actual physical connection determines whether the Prestige ports are LAN or WAN ports. There are 
two separate IP networks, one inside, the LAN network; the other outside, the WAN network as shown 
next. 



I 



LAN 



WAN 



WAN IP 



LAN IP 




The interface to 
the LAN is 
Ethernet 



The interface to the Internet or a remote 
node is the ADSL port 



Figure 3-3 LAN & WAN IPs 
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Follow the instructions in the following table to configure TCP/IP parameters for the Ethernet port. 



Table 3-2 TCP/IP Ethernet Setup Menu Fields 



Field 


Description 


Example 


TCP/IP Setup 






IP 

Address 


Enter the (LAN) IP address of your Prestige in dotted decimal 
notation 


192.168.1.1 
(default) 


IP Subnet Mask 


Your Prestige will automatically calculate the subnet mask based 
on the IP address that you assign. Unless you are implementing 
subnetting, use the subnet mask computed by the Prestige 


255.255.255.0 


RIP 

Direction 


Press the space bar to select the RIP direction from Both/In 
Only/Out Only or None. 


Both 

(default) 


Version 


Press the space bar to select the RIP version from RIP-1/RIP- 
2B/RIP-2M. 


RIP-1 

(default) 


When you have completed this menu, press [Enter] at the prompt [Press ENTER to Confirm...] to 
save your configuration, or press [Esc] at any time to cancel. 



3.6 VPI & VCI 

Be sure to use the correct Virtual Path Identifier (VPI) and Virtual Channel Identifier (VCI) numbers 
supplied by the Telephone Company. Please see VPI & VCI in Appendix B for more information. 



3.7 Multiplexing 

There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the 
multiplexing method required by your ISP. 

3.7.1 VC-based multiplexing 

In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit, e.g., VCI 
carries IP, VC2 carries IPX, etc. VC-based multiplexing may be dominant in environments where dynamic 
creation of large numbers of ATM VCs is fast and economical. 

3.7.2 LLC-based multiplexing 

In this case one VC carries multiple protocols with protocol identifying information being contained in each 
packet header. Despite the extra bandwidth and processing overhead, this method may be advantageous if it 
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is not practical to have a separate VC for each carried protocol, e.g, if charging heavily depends on the 
number of simultaneous VCs. 



3.8 Encapsulation 



Be sure to use the encapsulation method required by your ISP. The Prestige supports the following 
methods. 

3.8.1 ENET ENCAP 

The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network 
protocol. IP packets are routed between the Ethernet interface and the WAN interface and then formatted so 
that they can be understood in a bridged environment i.e., it encapsulates routed Ethernet frames into 
bridged ATM cells. ENET ENCAP requires that you specify a gatway IP address in the Ethernet 
Encapsulation Gateway field in Menu 4 and in the Rem IP Addr field in Menu 11.1. You can get this 
information from your ISP. Please see RFC 1483MER for more details. 

3.8.2 PPP over Ethernet 

The Prestige bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM 
PVC (Permanent Virtual Circuit) which connects to a xDSL Access Concentrator where the PPP session 
terminates. One PVC can support any number of PPP sessions from your LAN. PPPoE provides access 
control and billing functionality in a manner similar to dial-up services using PPP. 

For more information on PPPoE, see PPP over Ethernet in Appendix A. 

3.8.3 PPP 

Please refer to RFC 2364 for more information on PPP over ATM Adaption Layer 5 (AAL5). Refer to RFC 
1661 for more information on PPP. 

3.8.4 RFC 1483 

RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaption Layer 5 (AAL5). 
The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC -based 
multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual 
circuit (VC -based multiplexing). Please refer to the RFC for more detailed information. 

3.9 Internet Access Configuration 

Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified 
setup for one of the remote nodes that you can access in Menu 1 1 . Before you configure your Prestige for 
Internet access, you need to collect your Internet account information from your ISP and telephone 
company. 

Use the following table to record your Internet Account Information. 



Internet Access 
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Table 3-3 Internet Account Information 



Internet Account Information 


Write your account information here 


Telephone Company Information 


VPI (Virtual Path Identifier) 




VCI (Virtual Channel Identifier) 






IP Address of the ISP's Gateway (Optional) 




Login Name 




Password for ISP authentication 




Type of Multiplexing 




Type of Encapsulation 




Ethernet Encapsulation Gateway 





From the Main Menu, enter 4 to go to Menu 4 - Internet Access Setup, as displayed below. The following 
table contains instructions on how to configure your Prestige for Internet access. 
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Menu 4 - Internet Access Setup 



}- 



ISP's Name= aa 
Encapsulations ENET ENCAP 
Multiplexing- LLC-based 
VPI #= 10 
VCI #= 10 
My Logins N/A 
My Password^ N/A 
Single User Account- No 
IP Address Assignment- Static 
IP Address= 192.168.1.100 
IP Subnet Mask= 255.255.255. 
ENET ENCAP Gateway= N/A 



Get this information 
from the telephone 
company. Get the 
other information from 
your ISP. 



Press ENTER to confirm or ESC to cancel: 



Figure 3-4 Internet Access Setup 



Table 3-4 Internet Access Setup Menu Fields 



Field 


Description 


Options/E.G. 


ISP's Name 


Enter the name of your Internet Service Provider, e.g., 
mylSP. This information is for identification purposes only. 


e.g., MylSP 


Encapsulation 


Press the spacebar to select the method of encapsulation 
used by your ISP. You must have a static IP address (see 
below) for PPPoE, PPP, or RFC 1483 encapsulation. 


PPPoE, PPP, 
RFC 1483 or 
ENET ENCAP. 


Multiplexing 


Press the [Space Bar] to select the method of multiplexing 
used by your ISP - either VC-based or LLC-based. 


VC-based 
LLC-based 


VPI# 


Enter the Virtual Path Identifier (VPI) that the telephone 
company gives you. 


10 


VCI# 


Enter the Virtual Channel Identifier (VCI) that the telephone 
company gives you. 


10 


My Login 


Enter the login name that your ISP gives you. If you are 
using PPPoE encapsulation, then this field must be of the 
form user@domain where domain identifies your ISP. 


reds 


My Password 


Enter the password associated with the login name above. 


*** 


Single User Account 


Press the spacebar to enable or disable SUA. Please see 
the following section for a more detailed discussion on the 
Single User Account feature. 


Yes 
No 
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Field 


Description 


Options/E.G. 


IP Address Assignment 


Press the [Space Bar] to select Static or Dynamic address 
assignment. The following three fields are N/A for a dynamic 
address assignment 


Static 
Dynamic 


IP Address 


Enter the IP address supplied by your ISP if applicable. 


192.168.1.100 


IP Subnet Mask 


Enter the IP Subnet Mask supplied by your ISP if applicable. 


255.255.255.0 


ENET ENCAP Gateway 


Enter the gateway IP address supplied by your ISP when 
Ethernet Encapsulation (ENET ENCAP) or IP Address 
Assignments Static is specified above. 


192.168.1.1 



At this point, if all your settings are correct your Prestige should connect automatically to the Internet. If the 
connection fails, note the error message that you receive on the screen and take the appropriate 
troubleshooting steps. 

3.10 Single User Account 

Typically, if there are multiple users on the LAN wanting to concurrently access the Internet, you will have 
to lease a block of legal, or globally unique, IP addresses from the ISP. 

The Single User Account (SUA) feature allows you to have the same benefits as having multiple legal 
addresses, but only pay for one IP address, thus saving significantly on the subscription fees. (Check with 
your ISP before you enable this feature). SUA supports popular Internet applications such as MS traceroute, 
CuSeeMe, IRC, RealAudio, VDOLive, Quake and PPTP with no extra configuration needed. 
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192.168.1.33 



192.168.1.34 



192.168.1.35 



192.168.1.36 




Same Network 
Number 



192 . 168 . 1 . 1 




Prestige 



The SUA network appears as a 
single host to the Internet. 



Figure 3-5 Single User Account Topology 

The IP address for the SUA can be either fixed or dynamically assigned by the ISP. In addition, you can 
designate servers, e.g., a web server and a telnet server, on your local network and make them accessible to 
the outside world. If you do not define any server, SUA offers the additional benefit of firewall protection. 
If no server is defined, all incoming inquiries will be filtered out by your Prestige, thus preventing intruders 
from probing your network. Your Prestige accomplishes this address sharing by translating the internal 
LAN IP addresses to a single address that is globally unique on the Internet. For more information on IP 
address translation, refer to RFC 163 1, The IP Network Address Translator (NAT). 

3.10.1 Advantages of SUA 

In summary: 

• SUA is a cost-effective solution for small offices to access the Internet or other remote TCP/IP 
networks. 

• SUA supports servers to be accessible to the outside world. 

• SUA can provide firewall protection if you do not specify a server. All incoming inquiries will be 
filtered out by your Prestige. 

• UDP and TCP packets can be routed. In addition, partial ICMP, including echo and trace route, is 
supported. 



Internet Access 



3-11 



Prestige 641 ADSL Internet Access Router 



3.10.2 Single User Account Configuration 

The steps for configuring your Prestige for Single User Account are identical to the conventional Internet 
access with the exception that you need to fill in two extra fields in Menu 4 - Internet Access Setup, as 
shown below. 



SUA 



Menu 4 - Internet Access Setup 



ISP ' s Name- aa 
Encapsulation- PPP 
Multiplexings 
VPI #= 0 
VCI #= 34 
My Login- rr 
My Password- ****** 
irngle user Account" 

IP Addr= 0.0.0.0 
W ET EIICAP Gatcway^ -wr* 



Enter here to CONFIRM or ESC to CANCEL: 



Figure 3-6 Menu 4 - Internet Access Setup for Single User Account 

To enable the SUA feature in Menu 4, move the cursor to the Single User Account field and select Yes (or 
No to disable SUA). Then follow the instructions on how to configure the SUA fields. 
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Table 3-5 Single User Account Menu Fields 



Field 


Description 


Single User Account 


Select Yes to enable SUA. 


IP Addr. 


If your ISP did nor assign you a static IP address, enter 
[0.0.0.0] here; otherwise, enter that IP address here. 


Press [Enter] at the message [Press ENTER to Confirm ...] to save your configuration, or 
press [Esc] at any time to cancel. 



3.1 1 Multiple Servers behind SUA 

If you wish, you can make inside servers for different services, e.g., web or FTP, visible to the outside 
users, even though SUA makes your whole inside network appear as a single machine to the outside world. 
A service is identified by the port number, e.g., web service is on port 80 and FTP on port 21. 

As an example, if you have a web server at 192.168.1.2 and an FTP server 192.168.1.3, then you need to 
specify for port 80 (web) the server at IP address 192.168.1.2 and for port 21 (FTP) another at IP address 
192.168.1.3. 

Please note that a server can support more than one service, e.g., a server can provide both FTP and DNS 
service, while another provides only web service. Also, since you need to specify the IP address of a server 
in the Prestige, a server must have a fixed IP address and not be a DHCP client whose IP address potentially 
changes each time it is powered on. 

In addition to the servers for specific services, SUA supports a default server. A service request that does 
not have a server explicitly designated for it is forwarded to the default server. If the default server is not 
defined, the service request is simply discarded. 

To make a server visible to the outside world, specify the port number of the service and the inside IP 
address of the server in Menu 15 - Multiple Server Configuration. 

3.11.1 Configuring a Server behind SUA 

Follow the steps below to configure a server behind SUA: 

1. Enter 15 in the main menu to go to Menu 15 - Multiple Server Configuration. 

2. Enter an index number in menu 15 to go to Menu 15.1 - SUA Server Configuration. 

3. Enter the service port number in the Port # field and the inside IP address of the server in the IP 
Address field. 

4. Press ENTER at the "Press ENTER to confirm ..." prompt to save your configuration after you 
define all the servers or press ESC at any time to cancel. 
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Menu 15 


- Multiple Server Configuration 


Port # 


IP Address 


1. Default 
2 . 0 

3. 0 

4. 0 


0.0.0.0 


0.0.0.0 


0.0.0.0 


5. 0 


0.0.0.0 
0.0.0.0 
0.0.0.0 
0.0.0.0 
0.0.0.0 


6. 0 


7. 0 

8. 0 


Press ENTER to Confirm or ESC to Cancel: 



Figure 3-7 Multiple Server Configuration 

The most often used port numbers are: 

Table 3-6 Services vs. Port number 



FTP (File Transfer Protocol) 


21 


Telnet 


23 


SMTP (Simple Mail Transfer Protocol) 


25 


DNS(Domain Name System) 


53 


HTTP (Hyper Text Transfer protocol or WWW, Web) 


80 


PPTP (Point-to-Point Tunneling Protocol) 


1723 
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Chapter 4 

Remote Node Configuration 

In this chapter, we discuss the parameters that are protocol 
independent. The protocol-dependent configuration will be 
covered in subsequent chapters. For TCP/IP, see Chapter 5, 
for IPX, see Chapter 6 and for Bridging, see Chapter 7. 

A remote node is required for placing calls to a remote gateway. A remote node represents both the remote 
gateway and the network behind it across a WAN connection. Note that when you use Menu 4 to set up 
Internet access, you are actually configuring one of the remote nodes. 

4.1 Remote Node Setup 

This section describes the protocol-independent parameters for a remote node. 

4.1.1 Remote Node Profile 

To configure a remote node, follow these steps: 

Step 1 . From the Main Menu, select menu option 1 . Remote Node Setup 

Step 2. When Menu 1 1 appears, as shown below, enter the number of the remote node that you wish to 
configure. 





Menu 11 - 


Remote 


Node Setup 


1 . 


nodename 






2 . 








3. 








4 . 










Enter 


Node # 


to Edit: 



Figure 4-1 Menu 11 - Remote Node Setup 

When Menu 11.1 - Remote Node Profile appears fill in the fields as described in the table that follows to 
define this remote profile. The Remote Node Profile Menu Fields table shows how to configure the Remote 
Node Menu. 
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4.1.2 Encapsulation & Multiplexing Scenarios 

For Internet Access you should use the encapsulation and multiplexing methods used by your ISP. For a 
LAN-to-LAN application, e.g., branch office and corporate headquarters, prior mutual agreement on 
methods used is necessary because there is no mechanism to automatically determine 
encapsulation/multiplexing. Selection of which encapsulation and multiplexing methods to use depends on 
how many VCs you have and how many different network protocols you need. The extra overhead that PPP 
over Ethernet (PPPoE) and ENET ENCAP encapsulation entail makes them a poor choice in a LAN-to- 
LAN application. Here are some examples of more suitable combinations in such an application. 

Scene 1 . One VC, Multiple Protocols 

PPP (RFC 2364) encapsulation with VC-based multiplexing is the best combination because the extra 
protocol identifying headers that LLC-based multiplexing uses is unneeded. The PPP protocol already 
contains this information. 

Scene 2. One VC, One Protocol (IP) 

Select RFC-1483 encapsulation with VC-based multiplexing requires the least amount of overhead (0 
octets). However, if there is a potential need for multiple protocol support in the future, it may be safer to 
select PPP encapsulation instead of RFC-1483, so you don't need to reconfigure either machine when the 
time comes. 

Scene 3. Multiple VCs 

If you have an equal number (or more) of VCs than the number of protocols, then select RFC-1483 
encapsulation and VC-based multiplexing. 



Menu 11.1 - Remote 


Node Profile 


Enter a unique name of less 






than 8 characters for the 


Rem Node Name= nodename 


Routes None 


Active^ Yes 


Bridges No 


remote name. 


Encapsulations PPP 


Edit PPP Options- No 




Multiplexings VC-based 


Rem IP Addrs 0.0.0.0\ 




Incoming : 


Edit IP/IPX/Bridges n\ 




Rem Logins? 






Rem Password=? 


Session Options: \ 




Outgoing : 


Edit Filter Sets- No 




My Logins oscar 






My Password^ ******** 




Enter the IP 


Authens CHAP/PAP 




address of the 






remote gateway 






here. 


Enter here to CONFIRM 


or ESC to CANCEL: 





Figure 4-2 Menu 11.1 Remote Node Profile 
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Table 4-1 Remote Node Profile Menu Fields 



Field 


Description 


Options 


nem IN0Q6 Name 


i nis is a requireo neia [ . j. tnier a aescripxive name ror Tne 
remote node, for example, Corp. This field can be up to 
eight characters. This name must be unique from any other 
remote node name. 




Active 


Press the spacebar to toggle between Yes and No. Inactive 
nodes are displayed with a minus sign (-) at the beginning of 
the name in Menu 1 1 . 


Yes/No 


Encapsulation^ 


PPPoE refers to RFC 251 6 and PPP refers to RFC 2364, "PPP 
Encapsulation over ATM Adaption Layer 5". If RFC 1483 
("Multiprotocol Encapsulation over ATM Adaption Layer 5") or 
ENET ENCAP are selected, then the Rem Login, Rem Password, 
My Login, My Password, Edit PPP Options and Authen fields 
will not be applicable (N/A). Moreover, ENET ENCAP 
encapsulation does not apply for IPX routing. If you choose ENET 
ENCAP encapsulation, you must specify the Ethernet 
encapsulation gateway in the Rem IP Addr field. 


PPP oE, 

PPP, 
RFC 1483 
or ENET 
ENCAP 


Multiplexing^ 






Press the spacebar to the select the multiplexing method. 


VC-based 
LLC-based 


Incoming: 


Rem 
Login 
Name 


Enter the login name that this remote node will use when it 
calls your Prestige. 

The login name in this field combined with the Rem Node 
Password will be used to authenticate this node. 




Incoming: 


Rem 
Password 


Enter the password used when this remote node calls your 
Prestige. 




Outgoing: 


My Login 


Enter the login name for your Prestige when it calls this 
remote node. If you are using PPPoE encapsulation, then 
this field must be of the form user@domain where domain 
identifies your ISP. 




Outgoing: 


My 
Password 


Enter the password for your Prestige when it calls this 
remote node. 




Outgoing: 


Authen 


This field sets the authentication protocol used for outgoing 
calls. 










Options for this field are: 










• CHAP/PAP - Your Prestige will accept either CHAP or 
PAP when requested by this remote node. 


CHAP/PAP 








• CHAP - accept CHAP only. 


CHAP 








• PAP - accept PAP only. 


PAP 
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Field 


Description 


Options 


Route 


This field determines the protocols that your Prestige will 
route. 




Bridge 


Bridging is used for protocols that the Prestige doe not 
support, e.g., SNA, or not turned on in the previous Route 
field. When bridging is enabled, your Prestige will forward 
any packet that it does not route to this remote node; 
otherwise, the packets are discarded. . 


Press 
space bar 
to toggle 

Yes/No 


Edit PPP Options 


To edit the PPP options for this remote node, move the 
cursor to this field, use the space bar to select Yes and 
press [Enter]. This will bring you to Menu 11.2 - Remote 
Node PPP Options. For more information on configuring 

ppp nntinnc coo the cor , tir\n FHifinn PPP (~)r\tinnG 

ill UfJLIUI lo, OCC LIIC ocIjLIUI 1 i^Ulllliy III KJfJUUI 10. 


Press 
space bar 
to toggle 
Yes then 

nrpcc 

\J\ coo 

[Enter] 


Rem IP Addr 


Enter the IP address of the remote gateway. 




Edit IP/IPX/Bridge 


Press the space bar to select Yes and press Enter to go to 
Menu 11.3 - Remote Node Network Layer Options menu. 


Yes or No 


Session Option: 
Edit Filter Sets 


Use the space bar to toggle this field to Yes and press 
[Enter] to open Menu 1 1 .5 to edit the filter sets. See the 
Remote Node Filter section for more details. 


Default^ 
No 


Once you have completec 
[Press ENTER to Confirm 


filling in Menu 11.1- Remote Node Profile, press [Enter] at the message 
...] to save your configuration, or press [Esc] at any time to cancel. 



4.1.3 Outgoing Authentication Protocol 



Generally speaking, you should employ the strongest authentication protocol possible, for obvious reasons. 
However, some vendor's implementation includes specific authentication protocol in the user profile. It 
will disconnect if the negotiated protocol is different from that in the user profile, even when the negotiated 
protocol is stronger than specified. If you encounter the case where the peer disconnects right after a 
successful authentication, please make sure that you specify the correct authentication protocol when 
connecting to such an implementation. 

4.1.4 Editing PPP Options 

To edit the remote node PPP Options, move the cursor to the Edit PPP Options field in Menu 11.1 - 
Remote Node Profile, and use the space bar to select Yes. Press Enter to open Menu 1 1.2, as shown 
next. 



4-4 



Remote Node Configuration 



Prestige 641 ADSL Internet Access Router 



Menu 11.2 - Remote Node PPP 


Options 


Encapsulation^ Standard PPP 




Compression^ No 




Press ENTER to CONFIRM or ESC 


to CANCEL: 


Press Space Bar to Toggle. 





Figure 4-3 Menu 11.2 - Remote Node PPP Options 

The following table describes the Remote Node PPP Options Menu, and contains instructions on how to 
configure the PPP options fields. 



Table 4-2 Remote Node PPP Options Menu Fields 



Field 


Description 


Option 


Encapsulation 


Select the CISCO PPP only when this remote node 
is a Cisco machine; otherwise, select the Standard 
PPP. 


Standard 
PPP 

CISCO 
PPP 


Compression 


Turn on/off Stac Compression. The default for this 
field is Off. 


On/Off 

(Default = 
Off) 


Once you have completed filling in Menu 1 1 .2 - Remote Node PPP Options, press [Enter] at the 
message [Press ENTER to Confirm...] to save your configuration, or press [Esc] at any time to 
cancel. 



4.1.5 Remote Node Filter 

Use Menu 1 1 .5 - Remote Node Filter to specify the filterset(s) to apply to the incoming and outgoing 
traffic between this remote node and the Prestige. You can specify up to 4 filter sets separated by comma, 
e.g., 1, 5, 9, 12, in each filter field. The default is no filters. 

Note that spaces are accepted in this field. For more information on defining the filters, see Chapter 8 on 
Filter Configuration. 
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Menu 11.5 - Remote Node Filter 

Input Filter Sets: 
protocol filters^ 
device filters- 
Output Filter Sets: 
protocol filters^ 
device filters- 
Call Filter Sets: 
protocol filters^ 
device filters— 



Figure 4-4 Menu 1 1 .5 - Remote Node Filter 
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Chapter 5 

Remote Node TCP/IP Configuration 

This chapter shows you how to configure 
the TCP/IP parameters o f a remote node. 

A typical LAN-to-LAN application is to use your Prestige to connect a branch office to the headquarters, as 
depicted in the following diagram. 

5.1 LAN-to-LAN Application 



Remote Network Local Network 

=^ 10/lOOMB ^ 




ADSL Lines ' 

Figure 5-1 TCP/IP LAN-to-LAN Application 

For the branch office, you need to configure a remote node in order to dial out to the headquarters. 
Additionally, you may also need to define static routes if some services reside beyond the immediate 
remote LAN. 

5.1 .1 Editing TCP/IP Options 

Follow the steps below to edit Menu 11.3 - Remote Node Network Layer Options shown next. 

In Menu 11.1, move the cursor to the Edit IP/IPX/Bridge, then press the space bar to toggle and set the 
value to Yes. Press [Enter] to open Menu 11.3 - Network Layer Options. 
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There are two versions of menu 11.3 for the P641, depending on whether you chose VC-based or LLC- 
based Multiplexing in menu 11.1. 

VC-Based Multiplexing 

Remember that for VC-based multiplexing, by prior mutual agreement, a protocol is assigned a specific 
virtual circuit, e.g., VC1 will carry IP, VC2 will carry IPX etc. 



Menu 11.3 - Remote Node Network Layer Options 



Static 
0 . 0 




IP Options: 

IP Address Assignment 
Rem IP Addr: 0.0.0.0 
Rem Subnet Mask= 0 . 0 
My WAN Addr= 0.0.0.0 
Single User Account- 
Metric= 2 
Private- No 
RIP Direction= Bot 
Version= RIP, 

"vpT~#=" 

VCI #=1 



Separate VPI and 
VCI numbers must 
be specified for 
each protocol. 



Figure 5-2 Menu 11.3 for VC-based multiplexing. 

In this case, separate VPI and VCI numbers must be specified for each protocol. 

LLC-based multiplexing 

For LLC-based multiplexing, one VC carries multiple protocols with protocol identifying information 
being contained in each packet header. 







Menu 11.3 - Remote 


Node Network Layer Options___— 


VPI/VCI_15![C 148 3 LLC/PPP/ENEI_S»€ 


-APT 1 IPX Options : 


^-vpT#^~1~x 


Rem LAN Net #= 00000000 


( VCI t= 1 ) 


My WAN Net #= 00000000 


IP Options-": 


Hop Count- 1 


IP Address Assignment- Static 


Tick Count= 2 


Rem IP Addr: 0.0.0.0 




Rem Subnet Mask= 0.0.0.0 


Bridge Options: 


My WAN Addr= 0.0.0.0 


Ethernet Addr Timeout (min) = 0 


Single User Account- No 




Metric= 2 




Private- No 




RIP Direction= Both 




Version= RIP-2B 





Figure 5-3 Menu 11.3 for LLC-based multiplexing 

In this case, only one set of VPI and VCI numbers need be specified for all protocols. 



Only one set of 
VPI and VCI 
numbers need be 
specified. 
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The following diagram explains the Sample IP Addresses to help you to understand the field of My Wan 
Addr in Menu 1 1 .3. Refer to Figure 3-3 LAN & WAN IPs for a brief review of what a WAN IP is. My 
WAN Addr indicates the local Prestige WAN IP while Rem IP Address indicates the peer WAN IP. 




Figure 5-4 Sample IP Addresses for a TCPI/IP LAN-to-LAN Connection 

To configure the TCP/IP parameters of a remote node, first configure the two fields in Menu 11 - Remote 
Node Profile, as shown in the table below. For more details on the IP Option fields, refer to Chapter 3. 

Table 5-1 TCP/IP related fields in Remote Node Profile 



Field 


Description 


Option 


Rem IP Address 


Enter the IP address of the remote gateway in Remote Node 
Profile. 




Edit IP 


Press the space bar to select Yes and press Enter to go to 
Menu 1 1 .3 - Remote Node Network Layer Options Menu. 


Yes 

(Yes/No) 
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The following table shows the TCP/IP related fields in Menu 11.3 - Remote Node Network Layer 
Options. 



Table 5-2 TCP/IP Remote Node Configuration 



Field 


Description 


Option 


IP Address 
Assignment 


Press the [Space Bar] to select Static or Dynamic address 
assignment. The following two fields are N/A for a dynamic 
address assignment. 


Static/ Dynamic 


Rem IP Address 


This will show the IP address you entered for this remote node in 

thp nrpvinii^ mpnii 

LI 1 C ^Jl CV IUUJ 1 1 Id 1 U - 




Rem IP Subnet 
Mask 


Enter the subnet mask for the remote network. 




Mv WAN Addr 

iviy vvni'i nuui 


Romp imnlpmpntatinn^ p^npriallv thp I INIX Hprivativp^ rpnuirp 

UUI 1 i\j II 1 IkJIUI 1 ICI 1 LCI LI W 1 1 O . vOUL/Vl CI 1 1 V LI It/ Vw7 1 lll/\ VJCI IVUllVUO] 1 L/VJU 1 1 ^ 

the WAN link to have a separate IP network number from the 
LAN and each end must have a unique address within the WAN 
network number. If this is the case, enter the IP address assigned 
to the WAN port of your Prestige. 

Note that this is the address assigned to your local Prestige, not 
the remote router. 




Single User 
Account 


Set this field to Yes to enable the Single User Account feature for 
your Prestige. Use the space bar to toggle between Yes and No. 
See Chapter 3 - Internet Access Application for more information 
on the Single User Account feature. 


Yes/No 


Metric 


The metric represents the "cost" of transmission for routing 
purposes. IP routing uses hop count as the measurement of cost, 
with a minimum of 1 for directly connected networks. Enter a 
number that approximates the cost for this link. The number need 
not be precise, but it must be between 1 and 15. In practice, 2 or 
3 is usually a good number. 


1 to 15 


Private 


This parameter determines if the Prestige will include the route to 
this remote node in its RIP broadcasts. If set to Yes, this route is 
kept private and not included in RIP broadcast. If No, the route to 
this remote node will be propagated to other hosts through RIP 
broadcasts. 


Yes/No 


RIP Direction 
Version^ 


Press the space bar to select the RIP direction from Both/In 
Only/Out Only or None. 

Press the space bar to select the RIP version from RIP-1/RIP- 
2B/RIP-2M. 


(Default=Both) 
RIP-1 (default) 
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riciu 


uescnpiiun 


vjpuun 


VPI 
VCI 


Enter the Virtual Path Identifier (VPI) number that your 
telephone company supplies. 

Enter the Virtual Channel Identifier (VCI) number that your 
telephone company supplies. 




Once you have completed filling in the Network Layer Options Menu, press [Enter] to return to Menu 1 1 . 
Press [Enter] at the message [Press ENTER to Confirm...] to save your configuration, or press [Esc] at any 
time to cancel. 



5.1.2 Static Route Setup 



Static routes tell the Prestige routing information that it cannot learn automatically through other means. 
This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is 
directly connected to a remote node. 

Each remote node specifies only the network to which the gateway is directly connected, and the Prestige 
has no knowledge of the networks beyond. For instance, the Prestige knows about network N2 in the 
following diagram through remote node Router 1 . However, the Prestige is unable to route a packet to 
network N3 because it doesn't know that there is a route through remote node Router 1 (via Router 2). The 
static routes are for you to tell the Prestige about the networks beyond the remote nodes. 



Nl 



a 




N2 



N3 



Router 1 — 



Router 2 



Figure 5-5 Example of Static Routing Topology 

To configure an IP static route, use Menu 12 - Static Route Setup, as shown next. 
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Menu 12 - IP Static Route Setup 

1. 

2 . 

3. 

4 . 

5. 

6. 

7 . 

8. 



Enter selection number: 



Figure 5-6 Menu 12 - IP Static Route Setup 

From Menu 12, enter the index of the static route you wish to edit to open Menu 12.1 -Edit IP Static 
Route. 



Menu 12.1 - Edit IP Static Route 



Route #: 1 
Route Name- ? 
Active- No 

Destination IP Address- ? 
IP Subnet Mask= ? 
Gateway IP Address= ? 
Metric= 2 
Private- No 

Press ENTER to Confirm or ESC to Cancel: 



Figure 5-7 Edit IP Static Route 
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The following table describes the fields for Menu 12.1.1 - Edit IP Static Route Setup. 



Table 5-3 Edit IP Static Route Menu Fields 



Field 


Description 


Rniitp Namp 

1 1UU LC 1 NCll 1 IO 


Fntpr a rlp^rrintivp namp for thi^ rnntp Thi^ 19 for irlpntifiratinn nurnn^p nnlv 

1 — 1 1 Id Q VJCOOII^JLIVC 1 1 CU 1 IC IUI 11 1 IO 1 VJU LC - 1 1 1 ICS IO U IUCI III 1 ILdLIUI [JU ^JUoC Ul 1 1 y . 


Active 


This field allows you to activate/deactivate this static route. 


Destination IP 
Address 


This parameter specifies the IP network address of the final destination. 
Routing is always based on network number. If you need to specify a route to 
a single host, use a subnet mask of 255.255.255.255 in the subnet mask field 
to force the network number to be identical to the host ID. 


IP Subnet Mask 


Enter the subnet mask for this destination. Follow the discussion on IP subnet 
mask in this chapter. 


Gateway IP 
Address 


Enter the IP address of the gateway. The gateway is an immediate neighbor of 
your Prestige that will forward the packet to the destination. On the LAN, the 
gateway must be a router on the same segment as your Prestige; over WAN, 
the gateway must be the IP address of one of the remote nodes. 


Metric 


The metric represents the "cost" of transmission for routing purposes. IP 
routing uses hop count as the measurement of cost, with a minimum of 1 for 
directly connected networks. Enter a number that approximates the cost for 
this link. The number need not be precise, but it must be between 1 and 15. In 
practice, 2 or 3 is usually a good number. 


Private 


This parameter determines if the Prestige will include the route to this remote 
node in its RIP broadcasts. If set to Yes, this route is kept private and not 
included in RIP broadcast. If No, the route to this remote node will be 
propagated to other hosts through RIP broadcasts. 
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Chapter 6 

IPX Configuration 

This chapter shows you how to configure the 
IPX parameters of the Prestige 641. 

6.1 IPX Network Environment 

Novell bundles the protocol stack, the server software and routing functionality in their NetWare server 
products, so a NetWare server is not only a file or print server, it is also a router. 

6.1.1 Network and Node Number 

Every IPX machine has a network number and a node number, together they form the complete address of 
the machine. The IPX network number is a 32-bit quantity and is usually expressed in 8 hexadecimal 
digits, e.g., 0893A8CF. The host number is a 48-bit quantity and usually is taken from the MAC (Media 
Access Control) address of the Ethernet hardware, so you don't have to explicitly configure the node 
number. 

An IPX client obtains its network number from a server that has the network numbers statically configured. 
If there are multiple servers on a network, only one server need to have the network numbers configured 
and all other stations (clients and servers) can obtain the network numbers from it. The server with 
configured network numbers is called a seed router. 

If you have a NetWare server on the same LAN as the Prestige 641, we recommend that you set up a 
NetWare server as a seed router. Even though the Prestige 641 is capable as a seed router, a NetWare 
server offers a much more extensive facility for network management. 

6.1.2 Frame Types 

IPX can run on top of four different frame types on the Ethernet. These frame types are 802.2, 802.3, 
Ethernet II (DIX), and SNAP (Sub-Network Access Protocol). Each frame type is a separate logical 
network, even though they exist on one physical cable (see the following diagram). 

Although there are four frame types available on the Ethernet, you should configure as few frame types as 
possible on your NetWare server and use automatic frame detection on the clients to simplify management 
and to reduce network overhead. 
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NetWare Server 




!PX router 



— l-AlriTi-|I.Vi-r^v\'> Vi.yI-i'k-':. 



Figure 6-1 NetWare Server 

6.1.3 External Network Number 

Each of the four logical networks (based on frame type) has its own external network number. 

6.1.4 Internal Network Number 

In addition to the external network numbers, each NetWare server has its own internal network number that 
is a virtual network to which the server is attached. It is important to remember that every network number 
must be unique for that entire internetwork, either internal or external. 

6.2 Prestige 641 in an IPX Environment 

There are two scenarios in which your Prestige 641 is deployed, depending on whether there is a NetWare 
server on the LAN, as depicted in the following diagram. 
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Seed Router ( Client Side) 
Assigns Network Number 



Not Seed Router (Server Side) 
Learns Network Number 



NetWare 
Clients — ► 





NetWare 
Seruer 



Figure 6-2 Prestige 641 in an IPX Environment 

6.2.1 Prestige 641 on LAN with Server 

If your Prestige 641 is on a LAN with a seed router, you do not need to configure the LAN network 
numbers. Your Prestige 641 will learn the network number from the seed router and add the routes to its 
routing table. 

6.2.2 Prestige 641 on LAN without Server 

Each IPX network must have a seed router. If you only have NetWare clients on your network, then you 
must configure the Prestige 641 as a seed router and set up unique network numbers for each frame type 
enabled using the Ethernet Setup Menu. 
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6.3 IPX Ethernet Setup 

From Menu 3 - Ethernet Setup, enter 3 to go to Menu 3.3 - Novell IPX Ethernet Setup as shown in the 
figure below. 



Menu 3.3 — Novell IPX Ethernet 


Setup 


Seed Router^ No 




Frame Type 802.2= Yes 
IPX Network # = N/A 




Frame Type 802.3= No 
IPX Network #= N/A 




Frame Type Ethernet 11= No 
IPX Network #= N/A 




Frame Type SNAP= No 
IPX Network #= N/A 




Enter here to CONFIRM or ESC to 
Press Space Bar to Toggle. 


CANCEL: 



Figure 6-3 Menu 3.3 - Novell IPX Ethernet Setup 

The following table describes the Novell IPX Ethernet Setup Menu. 

Table 6-1 Novell IPX Ethernet Setup Fields 



Field 


Description 


Options 


Seed Router 


Determine if your Prestige 641 is to act as a seed 
router. 


Yes/No 


Frame Type 


Enable/Disable the individual frame type. 
Remember to enable only the ones that are actually 
used on your network. 


802.2 
802.3 
Ethernet II 
SNAP 


IPX Network 
# 


If your Prestige 641 is a seed router, enter a unique 
network number for each frame type enabled. 




Press [Enter] at the message [Press ENTER to Confirm ...] to save your configuration, 
or press [Esc] at any time to cancel. 
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6.4 LAN-to-LAN Application with Novell IPX 

A typical LAN-to-LAN application is to use your Prestige 641 to call from a branch office to the corporate 
headquarters to enable the stations in the branch office to access the NetWare servers at the headquarters, as 
depicted in the figure below. 



Branch 
Office LAN 



Corporate 
LAN 



NetWare 
Clients— ► 



\ 




External Network 
Number = 333. 



External Network 
Number = 333. 



Prestige 



Prestige 




NetWare Server 

Internal Network 
Number =111 



Figure 6-4 LAN-to-LAN Application with Novell IPX 



IPX Configuration 



6-5 



Prestige 641 ADSL Internet Access Router 

6.4.1 IPX Remote Node Setup 

Follow the procedure in Chapter 5 to configure the protocol-independent parameters in Menu 11.1 - 
Remote Node Profile. For the IPX-specific parameters in Menu 11.3 - Remote Node Network Layer 
Options follow the instructions below. 

Step 1 . In Menu 11.1, make sure IPX is among the protocols in the Route field. (The Route field should 
display Route = IPX or Route = IP + IPX.) 

Step 2. Move the cursor to the Edit IP/IPX/Bridge field, then press the space bar to select Yes and 
press [Enter] to open Menu 11.3 - Network Layer Options. 



Menu 11.3 - Remote Node 


Network Layer Options 


VPI/VCI (RFC1483 LLC/PPP/ENET ENCAP ) S 


IPX Options: 


VPI #=1 / 


Rem LAN Net #= 00000000 \ 


VCI #=1 ( 


My WAN Net #= 00000000 ) 


IP Options : \. 


Hop Count= 1 J 


IP Address Assignment- Static 


v^Tick Count= 2 


Rem IP Addr: 




Rem Subnet Mask= N/A 


Bridge Options: 


My WAN Addr= N/A 


Ethernet Addr Timeout (min) = N/A 


Single User Account- N/A 




Metric= N/A 




Private= N/A 




RIP Direction= N/A 




Version^ n/A 




Enter here to CONFIRM 


or ESC to CANCEL : 



Figure 6-5 Menu 11.3 - Remote Node Novell IPX Options (for LLC-based multiplexing) 
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The table below describes the IPX-specific parameters of the remote node setup. 



Table 6-2 Remote Node Novell IPX Options 



Field 


Description 


Option 


Rem LAN 
Net# 


In this field, enter the internal network number of the NetWare 
server on the remote LAN. 




My WAN 
Net # 


In this field, enter the network number of the WAN link. If you 
leave this field as 00000000, your Prestige will determine 
automatically the network number through negotiation with the 
PPP peer. 


00000000 

(default) 


Hop Count 


This field indicates the number of intermediate networks that must 
be passed through to reach the remote node. 


1 

(default) 


Tick Count 


This field indicates the time-ticks required to reach the remote 
node. 


2 (default) 


Once you have completed filling in the Network Layer Options Menu, press [Enter] to return to 
Menu 11.1. Then press [Enter] at the message [Press ENTER to Confirm] to save your 
configuration, press [Esc] to cancel. 
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6.4.2 IPX Static Route Setup 

Similar to IP, IPX static routes tell the Prestige 641 how to reach servers beyond a remote node before a 
connection to that remote node is established. 

From Menu 12, select two, then select one of the IPX Static Routes to open Menu 12.2.1 - Edit IPX Static 
Route, as shown next. 

I I 

Menu 12.2.1 - Edit IPX Static Route 

Route #= 11 
Server Name- ? 
Active- Yes 
Network #= ? 
Node #= 000000000001 
Socket #= 0451 
Type #= 0004 
Hop Count= 2 
Tick Count= 3 
Gateway Node= 1 



Press ENTER to CONFIRM or ESC to CANCEL : 



Figure 6-6 Menu 12.2 - Edit IPX Static Route 
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The following table contains the instructions on how to configure the Edit IP Static Route Menu. 



Table 6-3 Edit IPX Static Route Menu Fields 



Field 


Description 


Server Name 


In this field, enter the name of the server. This must be the exact name 

i ■ i 1 ■ i k i it a i 

configured in the NetWare server. 


Network # 


This field contains the internal network number of the remote server that 
you wish to access. [00000000] or [FFFFFFFF] are reserved. 


Node# 


This field contains the address of the node on which the server resides. If 
you are using a Novell IPX implementation, this value is [000000000001]. 


Socket # 


This field contains the socket number on which the server will receive 
service requests. The default for this field is hex [0451]. 


Type # 


This field identifies the type of service the server provides. The default for 
this field is hex [0004]. 


Gateway Node 


In this field, enter the number of the remote node that is the gateway for 
this static route. 


Hop Count and 
Tick Count 


These two fields have the same meaning as those in the Ethernet setup. 


Once you have completed filling in the menu, press [Enter] at the message [Press ENTER to 
Confirm...] to save your configuration, or press [Esc] to cancel to cancel. 
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Chapter 7 

Bridging Setup 

This chapter shows you how to configure the 
bridging parameters of your Prestige. 

7.1 Bridging in General 

Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while 
routing does it on the network layer (IP or IPX) address. Bridging allows the Prestige 641 to transport 
packets of network layer protocols that the Prestige 641 does not route, e.g., SNA, from one network to 
another. The caveat is that, compared to routing, bridging generates more traffic for the same network layer 
protocol and it also demands more CPU cycles and memory. 

For efficiency reasons, do not turn on bridging unless you need to support protocols other than IP and IPX 
on your network. For IP and IPX, enable the respective routing if you need it; do not bridge what the 
Prestige 641 can route. 

7.2 Bridge Ethernet Setup 

Basically, all non-local packets are bridged to the WAN; however, your Prestige 641 applies special 
handling for certain IPX packets to reduce the number of calls, depending on the setting of the Handle IPX 
field. 
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- Ethernet Setup, enter 4 to bring up Menu 3.4 - Bridge Ethernet Setup as shown next. 



From Menu 3 



Menu 3.4 - Bridge Ethernet Setup 



Handle IPX= None 



Press ENTER to CONFIRM or ESC to CANCEL : 
Press Space Bar to Toggle. 



Figure 7-1 Menu 3.5 - Bridge Ethernet Setup 

The following table describes how to configure the Handle IPX field in Menu 3.5. 



Table 7-1 Bridge Ethernet Setup Menu - Handle IPX Field Configuration 



Handle IPX Field 
Options 

(Menu 3.5) 


Description 


None 


When there is no IPX traffic on the LAN or when you do not want to 
apply any special handling for IPX. 


Client 


When there are only client workstations on the LAN. RIP and SAP 
(Service Advertising Protocol) response packets will not trigger calls. 


Server 


When there are only IPX servers on the LAN. No RIP or SAP packets 
will trigger calls. In addition, during the time when the line is down, your 
Prestige 641 will reply to watchdog messages from the servers on behalf 
of remote clients. The period of time that your Prestige 641 will do this is 
linked to the Ethernet Address Timeout parameter in each remote node 
(see Remote Node Configuration). When a remote Ethernet address is 
aged out, there is no need to maintain its connection to the IPX server. 



If there are both clients and servers on the LAN, and the local clients will access the remote servers, set this 
field to Server but turn on the Dial-On-Broadcast parameter in Menu 11.3 to allow the client queries 
to trigger calls. 

7.2.1 Remote Node Bridging Setup 

Follow the procedure in Chapter 5 to configure the protocol-independent parameters in Menu 11.1 - 
Remote Node Profile. For bridging-specific parameters, you need to configure Menu 11.3 - Remote Node 
Network Layer Options. 
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To set up Menu 11.3 - Remote Node Network Layer Options follow these steps: 
Step 1 . In Menu 11.1, make sure the Bridge field is set to Yes. 

Step 2. Move the cursor to the Edit IP/IPX/Bridge field, then press the space bar to select Yes and 
press [Enter] to open Menu 1 1.3 - Network Layer Options. 



Menu 11.3 - Remote Node Network Layer Options 



VPI/VCI (RFC1483 LLC/PPP/ENET ENCAP ) 
VPI #= 1 
VCI #= 1 
IP Options : 

IP Address Assignment- Static 

Rem IP Addr: 0.0.0.0 

Rem Subnet Mask= 0.0.0.0 

My WAN Addr= 0.0.0.0 

Single User Account- No 

Metric= 2 

Private- No 

RIP Direction= Both 

Version= rip _2b 



IPX Options : 

Rem LAN Net #= 00000000 
My WAN Net #= 00000000 
Hop Counts 1 
Tick Count= 2 



Bridge Options: 

— E^hrr mt Addr Timeoi ^fmi ") ~ 



Figure 7-2 Menu 11.3 - Remote Node Bridging Options 

The following table describes the bridging-specific parameters in the Remote Node Profile and Network 
Layers menus. 

Table 7-2 P641 Remote Node Network Layers Menu Bridge Options 



Field 


Description 


Bridge 


Make sure this field is set to Yes. 


Edit IP/IPX/Bridge 


Press the space bar to change it to Yes and press Enter] to go to the 
Network Layer Options Menu. 


Ethernet Addr 
Timeout (min) 


In this field, enter the time (number of minutes) that you wish your 
Prestige 641 to retain the Ethernet Addr information in its internal tables 
while the line is down. If this information is retained, your Prestige 641 
will not have to recompile the tables when the line is brought back up. 


Once you have completed filling in the Network Layer Options Menu, press [Enter] to return to 
Menu 11.1. Then press [Enter] at the message [Press ENTER to Confirm...] to save your 
configuration, or press [Esc] to cancel. 
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7.3 Bridge Static RouteSetup 

Similar to network layer static routes, a bridging static route tells the Prestige 641 about the route to a node 
before a connection is established. You configure bridge static routes in Menu 12.3.1, by pressing 3 in 
menu 12 and then selecting one of the bridge static routes as shown below. 



Menu 12.3 - Bridge Static Route Setup 

1. 

2 . 

3. 

4 . 



Enter selection number: 



Figure 7-3 Menu 12.3 - Bridge Static Route Setup 



Menu 12.3 - Edit Bridge Static Route 



Route #: 21 
Route Name= 
Active- No 
Ether Address= ? 
IP Address^ 
Gateway Node= 1 

Press ENTER to CONFIRM or ESC to CANCEL : 



Figure 7-4 Menu 12.3.1 - Edit Bridge Static Route 
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The following table describes the Bridge Static Route Menu. 

Table 7-3 Bridge Static Route Menu Fields 



Field 


Description 


Route Name 


Enter a name for the bridge static route for identification purposes. 


Active 


Activate/deactivate the static route. 


Ether Address 


Enter the MAC address of the destination machine that you wish to 
bridge the packets to. 


IP Address 


If available, enter the IP address of the destination machine that you 
wish to bridge the packets to. 


Gateway Node 


Enter the number of the remote node that is the gateway of this static 
route. 


Once you have completed filling in this menu, press [Enter] at the message [Press 
ENTER to Confirm...] to save your configuration, or press [Esc] to cancel. 
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Chapter 8 

Filter Configuration 

This chapter shows you how to 
create and apply filter(s). 

8.1 About Filtering 

Your Prestige uses filters to decide whether or not to allow passage of a packet. Data filters are divided into 
incoming and outgoing filters, depending on the direction of the packet relative to a port. These filters are 
further subdivided into device and protocol filters, which are discussed later. 

The following sections describe how to configure filter sets. 

The Filter Structure of the Prestige 

A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for 
NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve 
filter sets with six rules in each set, for a total of 72 filter rules in the system. You cannot mix device filter 
rules and protocol filter rules within the same set. 

You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter 
set having up to six rules, you can have a maximum of 24 rules active for a single port. 

8.2 Configuring a Filter Set 

To configure a filter sets, follow this procedure: 

Step 1 . Enter 21 from the Main Menu to open Menu 21 - Filter Set Configuration. 
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Filter 
Set # 

1 

2 
3 
4 
5 
6 



Menu 21 - Filter Set Configuration 
Filter 

■s Set # Comm 



9 

10 

11 
12 



Enter Filter Set Number to Configure= 
Edit Comments- 
Press ENTER to CONFIRM or ESC to CANCEL : 



Figure 8-1 Menu 21 - Filter Set Configuration 

Step 2. Enter the index of the filter set you wish to configure (no. 1-12) and press [Enter]. 

Step 3. Enter a descriptive name or comment in the Edit Comments field and press Enter. 

Step 4. Press [Enter] at the message: [Press ENTER to confirm] to open Menu 21.1 - Filter Rules 
Summary. 



# A Type 



Menu 21.1 - Filter Rules Summary 
Filter Rules 



1 Y IP Pr=6, SA=0. 0.0.0, DA=0. 0.0.0, DP=137 

2 Y IP Pr=6, SA=0. 0.0.0, DA=0 . 0.0.0, DP=138 

3 Y IP Pr=6, SA=0. 0.0.0, DA=0 . 0.0.0, DP=139 

4 Y IP Pr=17, SA=0. 0.0.0, DA=0. 0.0.0, DP=137 

5 Y IP Pr=17, SA=0. 0.0.0, DA=0. 0.0.0, DP=138 

6 Y IP Pr=17, SA=0. 0.0.0, DA=0. 0.0.0, DP=139 



Enter Filter Rule Number (1-6} to Configure: 1 

Edit Comments= NetBIOS_WAN 

Press ENTER to Confirm or ESC to Cancel: 
Enter Filter Rule Number (1-6) to Configure: 



N D N 

N D N 

N D N 

N D N 

N D N 

N D F 



Figure 8-2 Menu 21.1 - Filter Rules Summary 
8.2.1 Filter Rules Summary Menu 

This screen shows a summary of the existing rules in an example filter set. The following tables contain a 
brief description of the abbreviations used in Menu 21.1. 
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Table 8-1 Abbreviations Used in the Filter Rules Summary Menu 



Abbreviations 


Description 


Display 


# 


Refers to the filter rule number (1-6). 




A 


Refers to Active. 


[Y] means the filter rule is active. 

TM1 mpanc tho filter nilo ic inar , ti\/o 

[INJ 1 1 ItJdl lo LI It: IIILtJI lUIC lo lllctL-LIVC 


Type 


nuiyib 10 iiic type ui iiiiur ruic. 


[OCInJ lUi OullcilL. 




This shows GEN for generic, IP for 
TCP/IP 


[IP] for TCP/IP 


Filter Rules 


The filter rule parameters are displayed 
here (see below). 




M 


Refers to More. 


[Y] 




[Y] means an action can not yet be taken 
as there are more rules to check, which 
are concatenated with the present rule 
tn form a rulp rhain Whpn thp rulp rhain 

LU 1 W 1 1 1 1 CI 1 U 1 w \s 1 1 CI 1 1 1 ■ V V 1 1 \j II 11 1^ 1 Ulv Ol 1 CI 1 1 1 

is complete an action can be taken. 


[N] 




[N] means you can now specify an action 
to be taken i.e., forward the packet, drop 
the packet or check the next rule. For the 
latter, the next rule is independent of the 
rule just checked. 






If More is Yes, then Action Matched and 

Ar*tir»n Kl/\t l\flot/*l*iaf4 \a/MI h\o Kl/A 
ML.LIUN INUL IVIdLUllcu WIN Uc IN/M 




m 


Refers to Action Matched. 


[F] means to forward the packet. 




[F] means to forward the packet 
immediately and skip checking the 
remaining rules. 


[D] means to drop the packet. 
[N] means check the next rule. 


n 


Refers to Action Not Matched. 


[F] means to forward the packet. 




[F] means to forward the packet 
immediately and skip checking the 
remaining rules. 


[D] means to drop the packet. 
[N] means check the next rule. 



The protocol dependent filter rules abbreviation are listed as follows: 



• If the filter type is IP, the following abbreviations listed in the following table will be used. 
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Table 8-2 Abbreviations Used If Filter Type Is IP 



Abbreviation 


Description 


Pr 


Protocol 


SA 


Source Address 


SP 


Source Port number 


DA 


Destination Address 


DP 


Destination Port number 



• If the filter type is GEN (generic), the following abbreviations listed in the following table will be 
used. 

Table 8-3 Abbreviations Used If Filter Type Is GEN 



Abbreviation 


Description 


Off 


Offset 


Len 


Length 



Refer to the next section for information on configuring the filter rules. 

8.3 Configuring a Filter Rule 

To configure a filter rule, enter its number in Menu 21.1 - Filter Rules Summary and press Enter to open 
Menu 21 . 1 . 1 for the rule. 

There are three types of filter rules: TCP/IP, IPX and Generic. Depending on the type of rule, the 
parameters below the type will be different. Use the space bar to select the type of rule that you wish to 
create in the Filter Type field and press Enter to open the respective menu. 

To speed up filtering, all rules in a filter set must be of the same class, i.e., protocol filters or generic filters. 
The class of a filter set is determined by the first rule that you create. When applying the filter sets to a 
port, separate menu fields are provided for protocol and device filter sets. If you include a protocol filter set 
in a device filters field or vice versa, the Prestige will warn you and will not allow you to save. 

8.4 Filter Types and SUA 

There are two types of filter rules, Device Filter (Generic) rules and Protocol Filter (TCP/IP and IPX) 
rules. Device Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on the IP 
and IPX packets. Generic and TCP/IP filter rules are discussed in more detail in the next section. When 
NAT/SUA (Network Address Translation/Single User Account) is enabled, the inside IP address and port 
number are replaced on a connection-by-connection basis, which makes it impossible to know the exact 
address and port on the wire. Therefore, the Prestige applies the protocol filters to the "native" IP address 
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and port number before NAT/SUA for outgoing packets and after NAT/SUA for incoming packets. On the 
other hand, the generic, or device filters are applied to the raw packets that appear on the wire. They are 
applied at the point when the Prestige is receiving and sending the packets; i.e. the interface. The interface 
can be an Ethernet, or any other hardware port. The following diagram illustrates this. 




Figure 8-3 Protocol and Device Filter Sets 
8.4.1 TCP/IP Filter Rule 

This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on 
the fields in the IP and the upper layer protocol, e.g., UDP and TCP, headers. 

To configure a TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press Enter to open 
Menu 21.1.1 - TCP/IP Filter Rule, as shown next. 
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Menu 21.1.1 - TCP/IP Filter Rule 
Filter #: 1,1 

Filter Type= TCP/IP Filter Rule 
Active- Yes 

IP Protocol- 6 IP Source Route- No 

Destination: IP Addr= 0.0.0.0 
IP Mask= 0.0.0.0 
Port #= 137 
Port # Comp= Equal 
Source: IP Addr= 0.0.0.0 
IP Mask= 0.0.0.0 
Port #= 0 
Port # Comp- None 

TCP Estab= No 

More= No Log- None 

Action Matched- Check Next Rule 
Action Not Matched- Check Next Rule 

Press ENTER to Confirm or ESC to Cancel: 
Press Space Bar to Toggle. 



Figure 8-4 Menu 21.1.1 - TCP/IP Filter Rule 

The following table describes how to configure your TCP/IP filter rule. 



Table 8-4 TCP/IP Filter Rule Menu Fields 



Field 


Description 


Option 


Active 


This field activates/deactivates the filter rule. 


Yes/No 


IP Protocol 


Protocol refers to the upper layer protocol, e.g., TCP is 6, 
UDP is 1 7 and ICMP is 1 . This value must be between 0 
and 255 


0-255 


IP Source Route 


If Yes, the rule applies to packet with IP source route 
option; else the packet must not have source route option. 
The majority of IP packets do not have source route. 


Yes/No 


Destination: IP 
Addr 


Enter the destination IP Address of the packet you wish to 
filter. This field is a don't-care if it is 0.0.0.0. 


IP address 


Destination: IP 
Mask 


Enter the IP subnet mask to apply to the Destination: IP 
Addr. 


Subnet mask 


Destination: Port # 


Enter the destination port of the packets that you wish to 
filter. The range of this field is 0 to 65535. This field is a 
don't-care if it is 0. 


0-65535 


Destination: Port# 
Comp 


Select the comparison to apply to the destination port in 
the packet against the value given in Destination: Port #. 


None/Less/G reater/ 
Equal/Not Equal 
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Field 


Description 


Option 


Source: IP Addr 


Enter the source IP Address of the packet you wish to 

filtor Thic fiolH ic a rlnn't-paro if it ic 0 fi fi fi 

I II lei . I 1 llo 1 1 ClU lo d UUI 1 L L.CU C II 11 lo u.u . U . \J. 


IP Address 


Source: IP Mask 


Enter the IP subnet mask to apply to the Source: IP Addr. 


IP Mask 


Source: Port # 


Enter the source port of the packets that you wish to filter. 
The range of this field is 0 to 65535. This field is a don't- 
care if it is 0. 


0-65535 


Source: Port # 
Comp 


Select the comparison to apply to the source port in the 
packet against the value given in Source: Port #. 


None/Less/G reater/ 
Equal/Not Equal 


TCP Estab 


This field is applicable only when IP Protocol field is 6, 
TCP. If yes, the rule matches only established TCP 
connections; else the rule matches all TCP packets. 


Yes/No 


More 


If yes, a matching packet is passed to the next filter rule 

UclUrt? cul dOLIUM lb ldl\cM, clbc Lllc pdOftol lb UlbpUbcU Ul 

according to the action fields. 

If More is Yes, then Action Matched and Action Not 
Matched will be N/A. 


Yes / N/A 


Log 


Select the logging option from the following: 






• None — No packets will be logged. 


None 




• Action iviaicneu - uniy pacKeis mat matcn ine ruie 
parameters will be logged. 

• Action Not Matched - Only packets that do not 
match the rule parameters will be logged. 


Action iviaicneu 
Action Not Matched 
Both 




• Both - All packets will be logged. 




Action Matched 


Select the action for a matching packet. 


Check Next Rule 
Forward 
Drop 


Action Not Matched 


Select the action for a packet not matching the rule. 


Check Next Rule 
Forward 
Drop 


Once you have completed filling in Menu 21 .1 .1 - TCP/IP Filter Rule, press [Enter] at the message [Press 
Enter to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be displayed on 
Menu 21 .1 - Filter Rules Summary. 
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8.4.2 Generic Filter Rule 

This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you 
to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. 

For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You 
specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The 
Prestige applies the Mask (bit- wise ANDing) to the data portion before comparing the result against the 
Value to determine a match. The Mask and Value are specified in hexadecimal numbers. Note that it takes 
two hexadecimal digits to represent a byte, so if the length is 4, the value in either field will take 8 digits, 
e.g., FFFFFFFF. 

To configure a generic rule, select Generic Filter Rule in the Filter Type field and press Enter to open Menu 
21.1.2 - Generic Filter Rule, as shown next. 

I I 

Menu 21.1.2 - Generic Filter Rule 
Filter #: 1,1 

Filter Type- Generic Filter Rule 

Active- No 

Offset= 0 

Length= 0 

Mask= N/A 

Value= N/A 

More- No Log- None 

Action Matched- Check Next Rule 
Action Not Matched= Check Next Rule 



Press ENTER to Confirm or ESC to Cancel: 



Figure 8-5 Menu 21.1.2 - Generic Filter Rule 

The following table describes the fields in the Generic Filter Rule Menu. 
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Table 8-5 Generic Filter Rule Menu Fields 



Field 


Description 


Option 


Filter # 


This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second 
filter set and the third filter rule of that set. 




Filter Type 


Use the space bar to toggle between both types of rules. Parameters 
displayed below each type will be different. 


Generic Filter 
Rule/ TCP/IP 
Filter Rule 


Active 


Select Yes to turn on the filter rule. 


Yes/No 


Offset 


Enter the starting byte of the data portion in the packet that you wish to 
compare. The range for this field is from 0 to 255. 


Default = 0 


Length 


Enter the byte count of the data portion in the packet that you wish to 
compare. The range for this field is 0 to 8. 


Default = 0 


Mask 


Enter the mask (in Hexadecimal) to apply to the data portion before 
comparison. 




Value 


Enter the value (in Hexadecimal) to compare with the data portion. 




More 


If yes, a matching packet is passed to the next filter rule before an action is 

takprr pl^p thp narkpt i 6 ; Hi^nn^pH nf armrHinn tn thp artinn fiplfte 

If More is Yes, then Action Matched and Action Not Matched will be N/A. 


Yes / N/A 


Log 


Select the logging option from the following: 






• None - No packets will be logged. 


None 




• Action Matched - Only packets that match the rule parameters will 
be logged. 


Action 
Matched 




• Action Not Matched - Only packets that do not match the rule 
naramptpr^ will hp InnnpH 

UQI Cll 1 O Will 1 — ' ' — ' IUUUDU. 


Action Not 
Matrhpri 




• Both - All packets will be logged. 


Both 


Action 
Matched 


Select the action for a matching packet. 


Check Next 
Rule 

Forward 

Drop 


Action Not 
Matched 


Select the action for a packet not matching the rule. 


Check Next 
Rule 

Forward 

Drop 


Once you have completed filling in Menu 21 .1 .2 - generic Filter Rule, press [Enter] at the message [Press 
Enter to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be displayed on 
Menu 21 .1 - Filter Rules Summary. 
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8.4.3 Novell IPX Filter Rule 



This section shows you how to configure an IPX filter rule. IPX filters allow you to base the rules on the 
fields in the IPX headers. 

To configure an IPX rules, select IPX Filter Rule from the Filter Type field and press Enter to open 
Menu 21.1.3 IPX Filter Rule, as shown in the figure below. 



Menu 21.1.3 - IPX Filter Rule 
Filter #: 1,1 

Filter Type= IPX Filter Rule 
Active- No 
IPX Packet Type= 
Destination: Network #- 

Node #= 

Socket #= 

Socket # Comp- None 
Source: Network #= 
Node #= 
Socket #= 

Socket # Comp= None 
Operation- N/A 
More- No Log- None 

Action Matched- Check Next Rule 
Action Not Matched= Check Next Rule 



Press ENTER to Confirm or ESC to Cancel: 
Press Space Bar to Toggle. 



Figure 8-6 Menu 21 .1 .3 - IPX Filter Rule 
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The table below describes the IPX Filter Rule. 

Table 8-6 IPX Filter Rule Menu Fields 



Field 


Description 


IPX Packet Type 


Enter the IPX packet type (1-byte in hexadecimal) you wish to 
filter. 

The popular types are (in hexadecimal): 

m rip 

U I - nlr 

04 - SAP 

05 - SPX (Sequenced Packet exchange) 
1 1 - NCP (Netware Core Protocol) 

14- Novell NetBIOS 


Destination/Source 
Network # 


Enter the destination/source network numbers (4-byte in 
hexadecimal) of the packet that you wish to filter. 


rioc+in3+ir\n/Qrii irca Mnrlo 
L/coUl IcLLIUI 1/OUUl l_>fcf InUUc 

# 


Cllltrl III lllc Ucolll IclllUI 1/bUUI Ofc? IIUUc? llUIIIUfcJI Uylc? Ill 

hexadecimal) of the packet you wish to filter. 


Destination/Source 
Socket # 


Enter the destination/source socket number (2-byte in 
hexadecimal) of the packets that you wish to filter. 


Destination/Source 
Socket # Comp 


Select the comparison you wish to apply to the 
destination/source socket in the packet against that specified 
above. 


Operation 


This field is applicable only if one of the Socket # fields is 0452 
or 0453 indicating SAP and RIP packets. There are seven 
options for this field that specify the type of the packet. 

• None. 

• RIP Rpmipqt 

• RIP Response. 

• SAP Request. 

• SAP Response. 

• SAP Get Nearest Server Request. 

• SAP Get Nearest Server Response 


Once you have completed filling in Menu 21.1.3 - IPX Filter Rule, press [Enter] at the 
message [Press Enter to Confirm] to save your configuration, or press [Esc] to cancel. This 
data will now be displayed on Menu 21.1 - Filter Rules Summary. 
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8.5 Applying a Filter 

This section shows you where to apply the filter(s) after you design it (them). 

8.5.1 Ethernet traffic 

You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, 
reduce traffic and prevent security breaches. Go to Menu 3.1 (shown below) and enter the number(s) of the 
filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by 
entering their numbers separated by commas, e.g., 3, 4, 6, 11. 





Menu 3.1 - General Ethernet Setup 




Input Filter Sets: 




protocol filters^ 




device filters^ 




Output Filter Sets: 




protocol filters^ 




device filters^ 




Press ENTER to Confirm or ESC to Cancel: 





Figure 8-7 Filtering Ethernet traffic 



8.5.2 Remote Node Filters 

Go to Menu 1 1 .5 (shown below) and enter the number(s) of the filter set(s) as appropriate. You can cascade 
up to four filter sets by entering their numbers separated by commas. 

Menu 11.5 - Remote Node Filter 

Input Filter Sets: 
protocol filters^ 
device filters^ 
Output Filter Sets: 
protocol filters^ 
device filters- 
Call Filter Sets: 
protocol filters^ 
device filters— 



rigure o-o riixering i-iemoxe iMoae xranic 
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Chapter 9 

SNMP Configuration 

This chapter discusses SNMP ( Simple Network 
Management Protocol) for network 
management and monitoring. 

9.1 About SNMP 

Your Prestige 641 supports SNMP agent functionality, which allows a manager station to manage and 
monitor the Prestige through the network. Keep in mind that SNMP is only available if TCP/IP is 
configured on your Prestige. 

9.2 Configuring SNMP 

To configure SNMP, select SNMP Configuration (enter 22) from the Main Menu to open Menu 22 - 
SNMP Configuration, as shown in the figure below. The "community" for Get, Set and Trap fields is 
simply SNMP's terminology for password. 



Menu 22 - SNMP Configuration 



SNMP : 

Get Community- public 
Set Community- public 
Trusted Host= 0.0.0.0 
Trap: 

Community- public 
Destination= 0.0.0.0 



Press ENTER to Confirm or ESC to Cancel: 



Figure 9-1 Menu 22 - SNMP Configuration 



SNMP Configuration 
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The following table describes the SNMP configuration parameters. 



Table 9-1 SNMP Configuration Menu Fields 



Field 


Description 


Default 


Get 

Community 


Enter the get community, which is the password for the incoming 
Get- and GetNext- requests from the management station. 


public 


Set 

Community 


Enter the set community, which is the password for incoming Set- 
requests from the management station. 


public 


Trusted Host 


If you enter a trusted host, your Prestige will only respond to 
SNMP messages from this address. If you leave the field blank 
(default), your Prestige will respond to all SNMP messages it 
receives, regardless of source. 


blank 


Trap: 

Community 


Enter the trap community, which is the password sent with each 
trap to the SNMP manager. 


public 


Trap: 

Destination 


Enter the IP address of the station to send your SNMP traps to. 


blank 


Once you have completed filling in Menu 22 - SNMP Configuration, press [Enter] at the 
message [Press Enter to Confirm] to save your configuration, or press [Esc] to cancel. 
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Chapter 10 

System Maintenance 

This chapter covers the diagnostic tools 
that help you to maintain your Prestige. 

The diagnostic tools include updates on system status, port status, log and trace capabilities and upgrades 
for the system software. This chapter describes how to use these tools in detail. 

Select menu 24 in the main menu to open Menu 24 - System Maintenance, as shown below. 



Menu 24 - System Maintenance 



System Status 

System Information and Console Port Speed 

Log and Trace 

Diagnostic 

Backup Configuration 
Restore Configuration 
Firmware Update 
Command Interpreter Mode 



Enter Menu Selection Number: 



Figure 10-1 Menu 24 - System Maintenance 
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10.1 System Status 

The first selection, System Status, gives you information on the status and statistics of the ports, as shown 
below. System Status is a tool that can be used to monitor your Prestige. Specifically, it gives you 
information on your ADSL line status, number of packets sent and received. 

To get to the System Status, enter number 24 to go to Menu 24 - System Maintenance. From this menu, 
select number 1 , System Status. There are five commands in Menu 24.1 - System Maintenance - 
Status. Entering 1 resets the counters and ESC takes you back to the previous screen. 

The table below describes the fields present in Menu 24.1 - System Maintenance - Status. It should be 
noted that these fields are READ-ONLY and are meant to be used for diagnostic purposes. 









Menu 2 4.1 


-- System Maintenance 


- Status 










Node- 


Lnk 


Status 


TxPkts 


RxPkts 


Errors 


Tx B/s Rx 


B/s 


Up Time 


1 




Up 


1462 


1567 


0 


222 


211 


2 


15 


16 ■ 


2 




N/A 


0 


0 


0 


0 


0 


0 


00 


00 


3 




N/A 


0 


0 


0 


0 


0 


0 


00 


00 


4 




N/A 


0 


0 


0 


0 


0 


0 


00 


00 


5 




N/A 


0 


0 


0 


0 


0 


0 


00 


00 


6 




N/A 


0 


0 


0 


0 


0 


0 


00 


00 


7 




N/A 


0 


0 


0 


0 


0 


0 


00 


00 


8 




N/A 


0 


0 


0 


0 


0 


0 


00 


00 


9 




N/A 


0 


0 


0 


0 


0 


0 


00 


00 


10 




N/A 


0 


0 


0 


0 


0 


0 


00 


00 


11 




N/A 


0 


0 


0 


0 


0 


0 


00 


00 


12 




N/A 


0 


0 


0 


0 


0 


0 


00 


00 


Ethernet : 






WAN: 














Status: lOOM/Full Duplex 


Tx Pkts: 


0 Line Status : Up 












Collisions 


0 


Rx Pkts: 


0 Upstream Speed: 60 


8 kbps 


















Downstream Speed: 


4000 kbps 






CPU 


Load = 4 


25% 
























Press 


Command : 


















CMDS : 


1-Reset 


Counters ESC 


-Exit 











Figure 10-2 Menu 24.1 - System Maintenance - Status 



The following table describes the fields present in Menu 24.1 - System Maintenance - Status. 
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Table 10-1 System Maintenance - Status Menu Fields 



Field 


Description 


Node-Lnk 


This is the remote node index number and link type. Link types are : 
PPP, LLC, VC-IP, VC-IPX, or VC-BR 


Status 


Shows the status of the remote node. 


TxPkts 


The number of packets transmitted to this remote node. 


RxPkts 


The number of packets received from this remote node. 


Errors 


The number of error packets on this connection. 


Tx B/s 


Shows the transmission rate in bytes per second. 


Rx B/s 


Shows the receiving rate in bytes per second. 


Up Time 


Time this channel has been connected to the remote node. 


Ethernet 

Status 
Tx Pkts 
Rx Pkts 

("inlli^inn 

WUI 1 IOIU 1 1 


Shows the current status of the LAN. 
The number of transmitted packets to the LAN. 
The number of received packets from the LAN. 
Mnmhpr nf rnlli^inn^ 


WAN 

Line Status 

Upstream Speed 
Downstream Speed 


Shows the current status of the ADSL line which can be Up, Down, 
Wait for Init or Initializing. 

Shows the ADSL line upstream speed. 

Shows the ADSL line downstream speed 


CPU Load 


Specifies the percentage of CPU utilization. 


Press Command 
1 - Reset Counters 
ESC - Exit 


Press 1 to reset all the above statistics to 0. 
Press ESC to go back to Menu 24. 



Menu 24.2 System Information and Terminal Speed is as follows. 



Menu 24.2 - System Information and Terminal Speed 

1. System Information 

2 . Terminal Speed 

Figure 10-3 System Information and Terminal Speed 

Press 1 to display the next screen, Menu 24.2.1 - System Maintenance - Information. 



System Maintenance 
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Menu 24.2.1 - System Maintenance - Information 
Name : 

Routing: IP 

ZyNOS S/W Version: V2.21(C10) I 1/16/99 
ADSL Chipset Vendor: Alcatel, Version 1.5.2 
ANSI Version: ANSI Issue 2 

LAN 

Ethernet Address :00:a0:c5:02:34:56 
IP Address: 192.168.1.1 
IP Mask: 255.255.255.0 
DHCP: Server 

Press ESC or RETURN to Exit: 



Figure 10-4 System Maintenance - Information 
Table 10-2 Fields in System Maintenance - Information 



Field 


Description 


Name 


Displays the system name of your Prestige. This information can be 
modified in Menu 1 - General Setup. 


Routing 


Refers to the routing protocol used. 


ZyNOS S/W 
Version 


Refers to the ZyNOS (ZyXEL Network Operating System) software 
version. ZyNOS is a registered trademark of ZyXEL 
Communications Corporation. 


ADSL Chipset 
Vendor 


Displays the vendor of the ADSL chipset and ADSL modem 
software version. 


ANSI Version 


Refers to the ANSI Version. 


Ethernet Address 


Refers to the Ethernet MAC (Media Access Control) of your 
Prestige. 


IP Address 


This is the IP address of the Prestige in dotted decimal notation. 


IP Mask 


This shows the subnet mask of the Prestige. 


DHCP 


This field shows the DHCP setting (None, Relay or Server) of the 
Prestige. 



10.1.1 Terminal Speed 

You can change the speed of the console port through Menu 24.2.2 - Terminal Speed. Your Prestige 
supports 9600 (default), 19200, 38400, 57600, and 1 15200 bps for the console port. Use the space bar to 
select the desired speed in Menu 24.2.2, as shown in the following figure. 
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Menu 24.2.2 - System Maintenance - 


Terminal Speed 


Terminal Speed: 1152 0 0 




Press ENTER to Confirm or ESC to 


Cancel : 


Press Space Bar to Toggle. 





Figure 10-5 Menu 24.2.2 - System Maintenance - Terminal Speed 



10.2 Log and Trace 

There are two logging facilities in the Prestige. The first is the error logs and trace records that are stored 
locally. The second is the UNIX syslog facility for message logging. 

10.2.1 Viewing Error Log 

The first place you should look for clues when something goes wrong is the error log. Follow the procedure 
below to view the local error/trace log: 

Step 1 . Enter 24 from the Main Menu to open Menu 24 - System Maintenance. 

Step 2. From Menu 24, enter 3 to open Menu 24.3 - System Maintenance - Log and Trace. 

Step 3. Enter 1 in Menu 24.3 - System Maintenance - Log and Trace to display the error log in the 
system. 

After the Prestige finishes displaying the error log, you will have the option to clear it. 
Examples of typical error and information messages are presented in the following figure. 



System Maintenance 
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7213 PINT 
Clear Error Log (y/n) : 



Figure lu-e Examples ot Error and information Messages 
10.2.2 Syslog And Accounting 

The Prestige uses the UNIX syslog facility to log the CDR (Call Detail Record) and system messages to a 
syslog server. Syslog and accounting can be configured in Menu 24.3.2 - System Maintenance - Syslog 
and Accounting, as shown next. 



Menu 24.3.2 -- System Maintenance - UNIX Syslog and Accounting 



UNIX Syslog: 
Active- No 
Syslog IP Address= ? 
Log Facility- Local 1 



Types : 
CDR= No 

Packet triggered^ No 
Filter log- No 
PPP log= No 
Press ENTER to Confirm or ESC to Cancel: 
Press Space Bar to Toggle. 



Figure 10-7 Menu 24.3.2 - System Maintenance - Syslog and Accounting 

You need to configure the UNIX syslog parameters described in the following table to activate syslog then 
choose what you want to log. 
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Table 10-3 System Maintenance Menu Syslog Parameters 



Parameter 


Description 


UNIX Syslog: 

Active 

Syslog IP Address 
Log Facility 


Use the space bar to turn on or off syslog. 
Enter the IP Address of your syslog server. 

Use the space bar to toggle between the 7 different Local options. The log facility 
allows you to log the message in different files in the server. Please refer to your 
UNIX manual for more detail. 


Types: 

CDR 

Packet triggered 
Filter log 
PPP log 


Call Detail Record (CDR) logs all data phone line activity if set to Yes. 

The first 48 bytes or octets and protocol type of the triggering packet is sent to the 
UNIX syslog server when this field is set to Yes. 

No filters are logged when this field is set to No. Filters with the individual filter Log 
Filter field set to Yes are logged when this field is set to Yes. 

PPP events are logged when this field is set to Yes. 



Your Prestige sends four types of syslog messages. Please see Enhanced Syslog in Appendix C for the 
message format. Some examples of these syslog messages are shown next: 

1. CDR 

Jul 19 11:19:27 192.168.102.2 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 
1, C01 Outgoing Call dev=2 ch=0 40002 

Jul 19 11:19:32 192.168.102.2 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 
1, C02 OutCall Connected 64000 40002 

Jul 19 11:20:06 192.168.102.2 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 

1, C02 Call Terminated 

2. Packet triggered 

Jul 19 11:28:39 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=l, 
Data=4 500003cl00 10000 If 0 1 0 0 04c0a8 6614ca84 9a7b0 8 0 04a5c02 0 0 0 1 0 0 61 62 63 64 65 6667 68 6 96a6b6c6d6e6 
f 7071727374 

Jul 19 11:28:56 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=l, 

Data = 4 500002clb014 0001f 0 6b5 0ec0a8 6 614ca84 9a7b0427 0 0 17 0 0 1 95b3e0 0 0 0 0 0 0 0 60 022 0 0 0 8cd4 0 0 0 0 02 04 0 

5b4 
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Jul 19 11:29:06 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=l, 
Data=45000028240140001f06acl2c0a8 6614ca84 9a7b0427001700195b451dl430135004000077 600000 



3. Filter log 

Jul 19 14:43:55 192.168.102.2 ZyXEL Communications Corp.: IP [Src=202 . 132 . 154 . 123 
Dst=255 . 255 . 255 . 255 UDP spo=0208 dpo=02 0 8 ] } S03>R0 lmF 

Jul 19 14:44:00 192.168.102.2 ZyXEL Communications Corp.: IP [ Src=l 92 . 1 68 . 1 02 . 2 0 
Dst=202 . 132 . 154 . 1 UDP spo=05d4 dpo=0 035 ] } S03>R0 lmF 

Jul 19 14:44:04 192.168.102.2 ZyXEL Communications Corp.: IP [ Src=l 92 . 1 68 . 1 02 . 2 0 
Dst=202 . 132 . 154 . 1 UDP spo=05d4 dpo=0 035 ] } S03>R0 lmF 



4. PPP log 

Jul 19 11:42:44 192.168.102.2 ZyXEL Communications Corp. 
Jul 19 11:42:49 192.168.102.2 ZyXEL Communications Corp. 



ppp:LCP Closing 
ppp:IPCP Closing 



Jul 19 11:42:54 192.168.102.2 ZyXEL Communications Corp.: ppp:CCP Closing 

10.3 Diagnostic 

The diagnostic facility allows you to test the different aspects of your Prestige to determine if it is working 
properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, 
as shown. 



Menu 24.4 - System Maintenance - Diagnostic 



WAN 

1. Reset ADSL 



TCP/IP 

12. Ping Host 



System 

21. Reboot System 

22. Command Mode 



Enter Menu Selection Number: 
Host IP Address= N/A 



Figure 10-8 Menu 24.4 - System Maintenance - Diagnostic 

Follow the procedure below to get to Diagnostic 

Step 1 . From the Main Menu, enter 24 to open Menu 24 - System Maintenance. 
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Step 2. From this menu, enter 4 to open Menu 24.4 - System Maintenance - Diagnostic. 

The following table describes the diagnostic tests available in Menu 24.4 for your Prestige and the 



connections. 


Table 10-4 System Maintenance Menu Diagnostic 


Field 


DpQorintinn 


Reset ADSL 


This command re-initializes the ADSL link to the telephone company. 


Ping Host 


This diagnostic test pings the host, which determines the functionality of the 
TCP/IP protocol on both systems and the links in between. 


Reboot System 


This option reboots the Prestige. 


Command Mode 


This option allows you to enter the command mode. This mode allows you to 
diagnose and test your Prestige using a specified set of commands. 



10.4 Backup Configuration 

Option 5 in Menu 24 - System Maintenance allows you to backupthe current Prestige configuration to 
your workstation. Backup is highly recommended once your Prestige is functioning properly. 

You must perform the backup and restore through the console port. Any serial communications program 
should work fine; however, you must use XMODEM protocol to perform the download/upload. 

Please note that terms "download" and "upload" are relative to the workstation. Download means to 
transfer from another machine to the workstation, while upload means from your workstation to another 
machine. 

10.5 Restore Configuration 

Selecting option 6 from Menu 24 - System Maintenance to restore the configuration from your 
workstation to the Prestige. Again, you must use the console port and XMODEM protocol to restore the 
configuration. 

Keep in mind that the configuration is stored in the flash ROM in the Prestige, so even if power failure 
should occur, your configuration is safe. 

10.6 Firmware Update 

Menu 24.7 - System Maintenance - Upload Firmware allows you to upgrade the firmware and the 
configuration file via the console port. Note that this function erases the old data before installing the new 
one; please do not attempt to update unless you have the new firmware at hand. There are 2 components in 
the system: the router firmware and the configuration file, as shown below. 
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Menu 2 4 


7 -- System Maintenance - Upload Firmware 


1 . 


Upload Router Firmware 


2 . 


Upload Router Configuration File 




Enter Menu Selection Number : 



Figure 10-9 Menu 24.7 - System Maintenance - Upload Firmware 
10.6.1 Upload Router Firmware 

The firmware is the program that controls the functions of the Prestige. Menu 24.7.1 shows you the 
instructions for uploading the firmware. If you answer yes to the prompt, the Prestige will go into debug 
mode. Follow the procedure below to upload the firmware: 

1. Enter "atur" after the "Enter Debug Mode" message. 

2. Wait for the "Starting XMODEM upload" message before activating Xmodem upload on 
your terminal. 

3. After successful firmware upload, enter "atgo" to restart the Prestige. 



Menu 24.7.1 -- System Maintenance - Upload Router Firmware 
To upload router firmware: 

1. Enter "y" at the prompt below to go into debug mode. 

2. Enter "atur" after "Enter Debug Mode" message. 

3. Wait for "Starting XMODEM upload" message before activating 
Xmodem upload on your terminal. 

4. After successful firmware upload, enter "atgo" to restart the 
router . 

Warning: Proceeding with the upload will erase the current router 
firmware . 



Do You Wish To Proceed: (Y/N) 



Figure 10-10 Menu 24.7.1 - Uploading Router Firmware 
10.6.2 Uploading Router Configuration File 

The configuration data, system-related data, the error log and the trace log are all stored in the configuration 
file. Please be aware that uploading the configuration file replaces everything contained within. 
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Menu 24.7.2 shows you the instructions for uploading the configuration file. If you answer yes to the 
prompt, the Prestige will go into debug mode. Follow the procedure below to upload the configuration file: 

1. Enter "atur3" after the "Enter Debug Mode" message. 

2. Wait for the "Starting XMODEM upload" message before activating Xmodem upload on 
your terminal. 

3. After successful firmware upload, enter "atgo" to restart the Prestige. 



If you replace the current configuration file with the default configuration file, i.e., P641.rom, you will lose 
all configurations that you had before and the speed of the console port will be reset to the default of 9600 
bps with 8 data bit, no parity and 1 stop bit (8nl) . You will need to change your serial communications 
software to the default before you can connect to the Prestige again. The password will be reset to the 
default of 1234, also. 



Menu 24.7.2 - System Maintenance - Upload Router Configuration File 
To upload router configuration file: 

1. Enter "y" at the prompt below to go into debug mode. 

2 . Enter "atur3" after "Enter Debug Mode" message . 

3 . Wait for "Starting XMODEM upload" message before activating 
Xmodem upload on your terminal. 

4. After successful firmware upload, enter "atgo" to restart the 
router . 

Warning : 

1 . Proceeding with the upload will erase the current router 
configuration file. 

2 . The router ' s console port speed (Menu 2 4.2.2) may change when 

it is restarted; Please adjust your terminal's speed accordingly. The 
password (menu 23) may change also. 

3. When uploading the DEFAULT configuration file, the console port speed 
will be reset to 9600 bps and the password to "1234". 

Do You Which To Proceed: ( Y/N) 



Figure 10-11 Menu 24.7.2 - System Maintenance - Upload Router Configuration File 



10.7 Command Interpreter Mode 

This option allows you to enter the command interpreter mode. A list of valid commands can be found by 
typing [help] at the command prompt. For more detailed information, check the ZyXEL Web site or send e- 
mail to the ZyXEL Support Group. 
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Enter Menu Selection Number: 8 

Copyright (c) 1994 - 1999 ZyXEL Communications Corp. 

ras> ? 

Valid commands are: 

sys exit device ether 

wan ip ppp bridge 

ipx hdap 



i-igure iu-iz uommana moae 

10.8 Boot module commands 

Prestige boot module commands with accompanying explanations are shown in the following table. For 
ATBAx, x denotes the number preceding the colon to give the console port speed following the colon in the 
list of numbers that follows; e.g. ATBA3 will give a console port speed of 9.6 Kbps. ATSE displays the 
seed that is used to generate a password to turn on the debug flag in the firmware. The ATSH command 
shows product related information such as boot module version, vendor name, product model, RAS code 
revision, etc. 



------- Debug Command Listing ------- 



AT 


just answer OK 


ATHE 


print help 


ATBAx 


change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k 


ATENx, (y) 


set BootExtension Debug Flag (y-password} 


ATENx, (y) 


set BootExtension Debug Flag (y-password) 


ATSE 


show the seed of password generator 


ATTI (h,m, s) 


change system time to hour:min:sec or show current time 


ATDA (w, y, m, d) 


change system date to week year/month/day or show current date 


ATDS 


dump RAS stack 


ATDT 


dump Boot Module Common Area 


ATDUx, y 


dump memory contents from address x for length y 


ATRBx 


display the 8-bit value of address x 


ATRWx 


display the 16-bit value of address x 


ATRLx 


display the 32-bit value of address x 


ATGO (x) 


run program at addr x or boot ZyNOS 


ATGR 


boot ZyNOS 


ATGT 


run Hardware Test Program 


ATRTw, x, y ( , z ) 


RAM test level w, from address x to y (z iterations) 


ATSH 


dump manufacturer related data in ROM 


ATDOx, y 


download from address x for length y to PC via XMODEM 


ATUR 


upload RAS code to flash ROM 


ATUR3 


upload RAS configuration file 



Figure 10-13 Boot module commands 
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Chapter 1 1 

Troubleshooting 

This chapter covers the potential problems you may 
run into and the possible remedies. After each 
problem description, some instructions are provided 
to help you to diagnose and to solve the problem. 

1 1 .1 Problems Starting Up the Prestige 



Table 11-1 Troubleshooting the Start-Up of your Prestige 



Problem 


Corrective Action 


None of the LEDs are on when 
you power on the Prestige 


Check the connection between the AC adapter and the Prestige. 

If the error persists, you may have a hardware problem. In this case 
you should contact technical support. 


Cannot access the Prestige via 
the console port. 


1 .Check to see if the Prestige is connected to your computer's serial 
port. 


2. Check to see if the 
communications program is 
configured correctly. The 
communications software should 
be configured as follows: 


VT100 terminal emulation 


9600 bps 


No parity, 8 Data bits, 1 Stop bit. 
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1 1 .2 Problems With the WAN Interface 

Table 11-2 Troubleshooting the ADSL connection 



Problem 


Corrective Action 


Initialization of the PVC 
connection failed. 


Ensure that the cable is connected properly from the ADSL port to the wall 
jack. The ADSL LED on the front panel of the Prestige should be on. Check 
that your VPI, VCI, type of encapsulation and type of multiplexing settings are 
the sama as what you collected from your telephone company and ISP. Reboot 
the Prestige. If you still have problems, you may need to verify these variables 
with the telephone company and/or ISP. 



11.3 Problems with the LAN Interface 

Table 11-3 Troubleshooting the LAN Interface 



Problem 


Corrective Action 


Can't ping any station on the LAN 


Check the Ethernet LEDs on the front panel. The LED should be 
on for a port that has a station connected. If it is off, check the 
cables between your Prestige and the station. 


Verify that the IP address and the subnet mask are consistent 
between the Prestige and the workstations. 


11.4 Problems Connecting to a Remote Node or ISP 

Table 11-4 Troubleshooting a Connection to a Remote Node or ISP 


Problem 


Corrective Action 


Can't connect to a remote node or 
ISP 


Check Menu 24.1 to verify the line status. If it indicates [down], then 
refer to the section on the line problems. 




In Menu 11.1, verify your login name and password for the remote 
node. 
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Acronyms and Abbreviations 



ADSL 


Asymmetrical Digital Subscriber Line 


CDR 


Call Detail Record 


CHAP 


Challenge Handshake Authentication Protocol 


CSU/DSU 


Channel Service Unit/Data Service Unit 


DCE 


Data Communications Equipment 


DHCP 


Dynamic Host Configuration Protocol 


DNS 


Domain Name System 


DSLAM 


Digital Subscriber Line Access Multiplexer 


DTE 


Data Terminal Equipment 


IANA 


Internet Assigned Number Authority 


IP 


Internet protocol 


IPCP (PPP) 


IP Control Protocol 


IPX 


Internetwork Packet eXchange 


ISDN 


Integrated Service Digital Network 


ISP 


Internet Service Provider 


LAN 


Local Area Network 


MAC 


Media Access Control 


NAT 


Network Address Translation 


PAP 


Password Authentication Protocol 


POTS 


Plain Old Telephone Service 


PPP 


Point to Point Protocol 


PSTN 


Public Switched Telephone Network 


RFC 


Request For Comment 


RIP 


Routing Information Protocol 


SAP 


(IPX) Service Advertising Protocol 


SNMP 


System Network Management Protocol 
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STP Shielded Twisted Pair (cable) 

SUA Single User Account 

TCP Transmission Control Protocol 

UDP User Datagram Protocol 

VCI Virtual Channel Identifier 

VPI Virtual Path Identifier 

WAN Wide Area Network 
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Appendix A 

PPP over Ethernet 

PPPoE (PPP over Ethernet, RFC 2516) uses Ethernet as a point-to-point link to transport PPP frames. 
PPPoE offers the following benefits: 

1 . It provides you with a familiar dial-up networking (DUN) user interface. 

2. It lessens the burden on the carriers of provisioning virtual circuits all the way to the ISP on multiple 
switches for thousands of users. For GSTN (PSTN & ISDN), the switching fabric is already in place. 

3. It allows the ISP to use the existing dial-up model to authenticate and (optionally) to provide 
differentiated services. 

Traditional Dial-up Scenario 

The following diagram depicts a typical hardware configuration where the PCs use traditional dial-up 
networking. 




ADSL Modem 



Diagram 1 Single-PC per Modem Hardware Configuration 

The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while 
the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the 
AC is acting as a L2TP (Layer 2 Tunnelling Protocol) LAC (L2TP Access Concentrator) and tunnels the 
PPP frames to the ISP. The L2TP tunnel is capable of carrying multiple PPP sessions. 

With PPPoE, the VC (Virtual Circuit) is equivalent to the dial-up connection and is between the modem and 
the AC, as opposed to all the way to the ISP. However, the PPP negotiation is between the PC and the ISP. 
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Prestige as a PPPoE Client 

PPPoE is transparent to a broadband modem; the modem simply bridges the Ethernet frames from one port 
to another. However, when an ADSL Prestige is deployed in such a setup, it must appear as a single host to 
the AC. 




Diagram 2 Prestige as a PPPoE Client 
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Appendix B 

VPI & VCI 

ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems 
communicate. The terminology for virtual circuits is as follows: 

• VC (virtual channel) Logical connections between end stations 

• VP (virtual path) A bundle of VCs 

Think of a VP as a cable that contains a bundle of wires. The cable connects two points, and wires within 
the cable provide individual circuits between the two points. In an ATM cell header, a VPI (Virtual Path 
Identifier) identifies a link formed by a virtual path and a VCI (Virtual Channel Identifier) identifies a 
channel within a virtual path. The VPI and VCI are identified and correspond to termination points at ATM 
switches as shown. Your telephone company should supply you with these numbers. 




Diagram 3 VPI's & VCI's. 
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Appendix C 

Enhanced Syslog 



SdcmdSyslogSend( SYSLOG_CDR, SYSLOGJNFO, String ); 
String = board xx line xx channel xx, call xx, str 
board = the hardware board ID 
line = the WAN ID in a board 
Channel = channel ID within the WAN 

call = the call reference number which starts from 1 and increments by 1 for each new call 

str = C01 Outgoing Call dev xx ch xx (dev:device No. ch:channel No.) 

C01 Incoming Call xxxxBps xxxxx (L2TP,xxxxx means Remote Call ID) 

C01 Incoming Call xxxx (means connected speed) xxxxx (means Remote Call ID) 

L02 Tunnel Connected(L2TP) 

C02 OutCall Connected xxxx (means connected speed) xxxxx (means Remote Call ID) 
C02 CLID call refused 
L02 Call Terminated 
C02 Call Terminated 

Packet triggered 

sdcmdSyslogSend( SYSLOG_PKTTRI, SYSLOG_NOTICE, String ); 

String = Packet trigger: Protocol=xx Data=xxxxxxxxxx x 

Protocol: (1 :IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG) 
Data: We will send forty-eight Hex characters to the server 

Filter log 

SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String ); 
String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01 mD 

IP[...] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D). 

Src: Source Address 

Dst: Destination Address 

prot: Protocol ("TCP","UDP","ICMP") 
spo: Source port 
dpo: Destination port 
PPP Log 

sdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String ); 

String = ppp:Proto Starting / ppp:Proto Opening / ppp:Proto Closing / ppp:Proto Shutdown 

Proto = LCP / ATCP / BACP / BCP / CBCP / CCP / CHAP/ PAP / IPCP / 

IPXCP 
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Authentication, 4-3, 4-4 

B 

Bridge. See Bridging 

Bridging, 2-10, 2-11, 4-4, 7-1 , 7-3 

Ethernet Setup, 7-1 

Handle IPX, 7-2 

Remote Node, 7-2 

Static Route, 7-4 

c 

CDR, 10-7 
CHAP, 4-3 

Connecting the Prestige, 2-2 
Connections 

Additional Requirements, 2-2 

ADSL Line, 2-2 

Console Port, 2-2 

LAN Port, 2-2 

Power Adapter, 2-2 

Rear Panel, 2-1 
Copyright, ii 
Customer Support, v 

D 

Diagnostic Tools, 10-1, 10-8 
Backup, 10-9 

Boot Module Commands, 10-12 
Command Interpreter Mode, 10-11 
Firmware Update, 10-9 

Upload Router Configuration, 10-10 
Upload Router Firmware, 10-10 
Reset ADSL, 10-9 
Restore, 10-9 
Digital Subscriber Line Access Multiplexer, 1-3 
DNS, 3-4 

Domain Name System, 3-2 



Index 

DSLAM. See Digital Subscriber Line Access 

Multiplexer 
Dynamic Host Configuration Protocol, 3-2 

E 

Encapsulation, 1-2, 3-7, 3-8, 3-9, 3-10, 4-3, 4-5 
ENET ENCAP, 3-7 
PPP, 3-7 

PPP over Ethernet, 3-7 
RFC 1483, 3-7 
Ethernet, 2-10 

F 

FCC Rules, iii 

Filename Conventions, 2-8 

Filter, 2-11 

About, 8-1 

Applying, 8-12 
Ethernet, 8-12 
Remote Node, 8-12 

Configuring a Filter Set, 8-1 

Filter log, 10-7 

Generic Rule, 8-8 

IPX 

Packet Types, 8-11 

IPX Rule, 8-10 

Remote Node, 4-5 

Rules, 8-2 

Structure, 8-1 

SUA, 8-4 

TCP/IP, 8-5 
Frame Relay, 1-3 
Frame Types, 6-1, 6-4 

G 

Gateway, 5-7, 6-9, 7-5 
General Setup, 2-9 
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Hop Count, 6-7, 6-9 
Housing, 2-3 



IANA, 3-1 
Initialization, 2-4 

Internet Access, 1, ii, xvi, 1-1, 1-2, 1-3, 2-7, 2-11, 3-1, 

3-7, 3-8, 3-9, 3-12, 5-4 
IP Address, 3-2, 3-6, 4-4, 5-4, 5-7, 7-5 
IP network number, 3-1 
IP Pool, 3-2 
IP static route, 5-5 
IPX, 6-1 

Ethernet Setup, 6-4 

LAN-to-LAN, 6-5 

Network Number, 6-2 

Node Number, 6-1 

Novell, 6-5 

Prestige, 6-2 

Remote Node Setup, 6-6 

Static Route, 6-8 
IPX 

Network Number, 6-1 



LAN, 10-3 
LAN-to-LAN, 5-1 
LED Indicators, 2-1 
Log and Trace, 10-5 

View Error Log, 10-5 
Log Facility, 10-7 



LLC-based, 5-2 
VC-based, 5-2 
Multiprotocol Encapsulation, 3-7 



N 



NetWare Clients, 6-3 
NIC, 2-2 
Novell, 6-1 



Packet triggered, 10-7 
PAP, 4-3 

Password, 2-5, 2-8 
Ping, 10-9 

Point-to-Point, xviii, E 
PPP, 4-4 
PPP log, 10-7 
Private, 5-4, 5-7 
Protocols, 2-10 

R 

RAS code, 10-10 
Remote DHCP Server, 3-4 
Remote Node, 4-1, 10-3 

Profile, 4-1 

Setup, 4-1 
Resetting the Prestige, 2-8 
RIP, 3-6, 5-4 
Route, 4-4 

Routing Information Protocol, 



3-2 



M 

MAC, 7-1 
Main Menu, 2-7 

Media Access Control. See MAC 

Metric, 5-4, 5-7 

Multiplexing 

LLC-based, 3-6 

VC-based, 3-6 
Multiplexing, 1-2, 3-6, 3-8, 3-9, 4-3, 5-2 



Security, 1-2 
Seed Router, 6-3, 6-4 
Single User Account, 3-9. See SUA 
SNMP 
About, 9-1 
Configuring, 9- 1 

Community, 9-1 

Trap, 9-2 

Trusted Host, 9-2 
Socket, 6-9 
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Static Route Setup, 5-5 
STP, 2-2 

SUA, 1-3, 3-10, 5-4 

Advantages, 3-11 

Configuration, 3-12 

Multiple Servers, 3-13 
Submenus, 2-6 

Subnet Mask, 3-2, 3-6, 5-4, 5-7 
Syslog IP Address, 10-7 
System 

Syslog And Accounting, 10-6 

System Management Terminal, 2-6 
System Status, 10-2 

T 

TCP/IP, 5-1, 10-9 
TCP/IP Parameters, 3-1 
Telephone Microfilters, 2-3 
Terminal Speed, 10-4 



Tick Count, 6-7, 6-9 
Transmission Rates, xvi, 1-1 
Troubleshooting, 11-1 

ADSL, 11-2 

LAN, 11-2 

Remote Node, 11-2 

u 

UNIX Syslog, 10-6, 10-7 

V 

VPI & VCI, 3-6, G 

w 

WAN Address, 5-4 
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